The Federal Bureau of Investigation is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some companies to help prevent the loss of critical data.
Sometimes, that involves field agents proactively contacting companies when they have information of a threat—as two FBI agents did when they caught wind of researchers trying to alert casinos of vulnerabilities they said they had found in casino kiosk systems. “We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars. “And this is really key right now—before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”
But the FBI is not stopping its consultative role at simply alerting companies to threats. An FBI flyer shown to Ars by a source broadly outlined a new program aimed at helping companies fight data theft “caused by an insider with illicit access (or systems administrator), or by a remote cyber actor.” The program, called IDLE (Illicit Data Loss Exploitation), does this by creating “decoy data that is used to confuse illicit… collection and end use of stolen data.” It’s a form of defensive deception—or as officials would prefer to refer to it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.
In a discussion about the FBI’s overall philosophy on fighting cybercrime, Chu told Ars that the FBI is “taking more of a holistic approach” these days. Instead of reacting to specific events or criminal actors, he said, “we’re looking at cyber crime from a key services aspect”—aka, what are the things that cybercriminals target?—“and how that affects the entire cyber criminal ecosystem. What are the centers of gravity, what are the key services that play into that?”
In the past, the FBI got involved only when a crime was reported. But today, the new approach means playing more of a consultative role to prevent cybercrime through partnerships with both other government agencies and the private sector. “If you ever have the opportunity to go to the courtyard at FBI Headquarters, there’s a quote there. ‘The most effective weapon against crime is cooperation, the efforts of all law enforcement and the support and understanding of the American people.’ That can not be more true today, but it expands from beyond just law enforcement to the private sector,” Chu said. “That’s because we’re facing one of the greatest threats that our nation has ever faced, arguably, and that’s the cyber threat.”
An example of that sort of outreach was visible in a case Ars reported on in March—that of the casino kiosk vendor Atrient. FBI Las Vegas field office and FBI Cyber Division agents picked up on Twitter posts about an alleged vulnerability in Atrient’s infrastructure, and the agents connected the company and an affected customer with the researchers to resolve the issue (which, in Atrient’s case at least, went somewhat awry). But in these situations, the FBI now also shares information it gathers from other sources, including data gathered from ongoing investigations.
Sharing happens a lot faster, Chu said, when there’s a “preexisting relationship with our partners, so we know exactly who we need to call and vice versa.” And information flows faster when it goes both ways. “Just as we’re trying hard to get the private industry information as fast as possible, it’d be a lot more effective if we’re getting information from the private industry as well,” he said. Exchanging information about IP addresses, indicators of compromise, and other threat data allows the FBI to aggregate the data, “run that against our databases and all our resources, and come up with a much stronger case, so to speak, against our adversaries,” Chu noted, “along with trying to attribute or identify who did it will prevent further attacks from happening.”
Some information sharing takes the form of collaboration with industry information sharing and analysis centers (ISACs) and “Flash” and “Private Industry Notice” (PIN) alerts on cybercrime issues. And to build more direct relationships with companies’ security executives, the FBI also offers a “CISO Academy” for chief information security officers twice a year at the FBI Academy in Quantico, Virginia. Attendees are indoctrinated on the FBI’s investigation approaches, and they learn what kind of evidence needs to be preserved to help spur investigations forward.
But for some sectors of particular interest, the FBI is now trying to get a deeper level of collaboration going—especially with companies in the defense industry base (DIB) and other critical infrastructure industries. The FBI sees these areas as crucial industry-spanning networks, and it hopes to build a defense-in-depth against cyber-espionage, intellectual property theft, and exposure of other data that could be used, particularly by other nations, in a way that could impact national security or the economy.
That’s precisely where IDLE comes in.
It’s true that inorganic users don’t yell at customer-service reps or trash-talk companies on Twitter. But connected devices can also benefit from some less-obvious upgrades that 5G should deliver—and we, their organic overlords, could profit in the long run.
You may have heard about 5G’s Internet-of-Things potential yourself in such gauzy statements as “5G will make every industry and every part of our lives better” (spoken by Meredith Attwell Baker, president of the wireless trade group CTIA, at the MWC Americas trade show in 2017) and “It’s a wholly new technology ushering in a new era of transformation” (from Ronan Dunne, executive vice president and CEO of Verizon’s consumer group, at 2019’s Web Summit conference).
But as with 5G in the smartphone and home-broadband contexts, the ripple effects alluded to in statements are potentially huge—and they will take years to land on our shores. Yes, you’ve heard this before: the news is big, but it’s still early days.
Massively multiplayer mobile bandwidth
The long-term map for 5G IoT promises to support a density of devices far beyond what current-generation LTE can deliver—up to a million “things” per square kilometer, versus almost 61,000 under today’s 4G. That density will open up possibilities that today would require a horrendous amount of wired connectivity.
For example, precision-controlled factories could take advantage of the space in the airwaves to implement extremely granular monitoring, and 5G IoT promises to do that job for less. “You can put tons of environmental sensors everywhere,” said Recon Analytics founder Roger Entner. “You can put a tag on every piece of equipment.”
“Either I upgrade this to fiber to connect the machines, or I use millimeter-wave 5G in the factory,” echoes Rüdiger Schicht, a senior partner with the Boston Consulting Group. “Everything we hear on reliability and manageability of that infrastructure indicates that 5G is superior.”
Millimeter-wave 5G runs on bands of frequencies starting at 24GHz, far above the frequencies employed for LTE. The enormous amounts of free spectrum up there allow for gigabit speeds—at the cost of range, which would be limited to a thousand feet or so. That still exceeds Wi-Fi’s reach, though.
Low-band 5G on the same frequencies today used for 4G doesn’t allow for a massive speed boost but should at least cover far more ground, while mid-band 5G should offer a good mix of speed and coverage—at least, once carriers have more free spectrum on which to provide that coverage. (If you’d like a quick refresher on the various flavors of 5G, our story from a couple of weeks ago has you covered!)
In the United States, fixing those spectrum issues hinges on the Federal Communications Commission’s recently-announced plan to auction off 280MHz of so-called C-band spectrum, between 3.2MHz and 3.98MHz, on a sped-up timetable that could see those bands in service in two to three years.
And that means there’s some time to figure things out. Companies aren’t lighting up connected devices by the millions just yet.
The current 5G standard—formally speaking, 3GPP Release 15—does not include support for the enormous device density we’re talking about. That will have to wait until Release 16, now in its final stages of approval, although Entner warns that we won’t see compatible hardware for at least another year or two.
Deepfake technology uses deep neural networks to convincingly replace one face with another in a video. The technology has obvious potential for abuse and is becoming ever more widely accessible. Many good articles have been written about the important social and political implications of this trend.
This isn’t one of those articles. Instead, in classic Ars Technica fashion, I’m going to take a close look at the technology itself: how does deepfake software work? How hard is it to use—and how good are the results?
I thought the best way to answer these questions would be to create a deepfake of my own. My Ars overlords gave me a few days to play around with deepfake software and a $1,000 cloud computing budget. A couple of weeks later, I have my result, which you can see above. I started with a video of Mark Zuckerberg testifying before Congress and replaced his face with that of Lieutenant Commander Data (Brent Spiner) from Star Trek: The Next Generation. Total spent: $552.
The video isn’t perfect. It doesn’t quite capture the full details of Data’s face, and if you look closely you can see some artifacts around the edges.
Still, what’s remarkable is that a neophyte like me can create fairly convincing video so quickly and for so little money. And there’s every reason to think deepfake technology will continue to get better, faster, and cheaper in the coming years.
In this article I’ll take you with me on my deepfake journey. I’ll explain each step required to create a deepfake video. Along the way, I’ll explain how the underlying technology works and explore some of its limitations.
Deepfakes need a lot of computing power and data
We call them deepfakes because they use deep neural networks. Over the last decade, computer scientists have discovered that neural networks become more and more powerful as you add additional layers of neurons (see the first installment of this series for a general introduction to neural networks). But to unlock the full power of these deeper networks, you need a lot of data and a whole lot of computing power.
That’s certainly true of deepfakes. For this project, I rented a virtual machine with four beefy graphics cards. Even with all that horsepower, it took almost a week to train my deepfake model.
I also needed a heap of images of both Mark Zuckerberg and Mr. Data. My final video above is only 38 seconds long, but I needed to gather a lot more footage—of both Zuckerberg and Data—for training.
To do this, I downloaded a bunch of videos containing their faces: 14 videos with clips from Star Trek: The Next Generation and nine videos featuring Mark Zuckerberg. My Zuckerberg videos included formal speeches, a couple of television interviews, and even footage of Zuckerberg smoking meat in his backyard.
I loaded all of these clips into iMovie and deleted sections that didn’t contain Zuckerberg or Data’s face. I also cut down longer sequences. Deepfake software doesn’t just need a huge number of images, but it needs a huge number of different images. It needs to see a face from different angles, with different expressions, and in different lighting conditions. An hour-long video of Mark Zuckerberg giving a speech may not provide much more value than a five-minute segment of the same speech, because it just shows the same angles, lighting conditions, and expressions over and over again. So I trimmed several hours of footage down to 9 minutes of Data and 7 minutes of Zuckerberg.
It’s that time of year again—time to buy more board games than you possibly have time to play.
To aid you in your quest, we’ve once again updated our massive board game buyer’s guide for the year by adding new entries, pruning some old ones, and bringing things in line with our current thoughts. This isn’t necessarily a list of our favorite games of all time; it’s just a big list of games we’re recommending in 2019. The list is divided into sections that cater to different audiences, and we think there’s something here for just about everyone.
Whether you’re looking to pick up your next cardboard obsession or need a gift idea for your weird cousin who’s always going on about “efficient resource trade routes,” you’re in the right place.
Table of Contents
- Family and new gamers
- Next steps
- Midweight strategy
- Thematic games
- Heavier fare
- Card games
- Modern classics
- Two-player games
- Escape room games
- Stocking stuffers
Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.
The last installment in our five-part holiday gift guide series this year is tailored for power users—those who know their way around technology and feel uneasy settling for gear that doesn’t provide high performance.
The nine gadgets we’ve rounded up below may be overkill for most of the people in your life, but they should satisfy those who consider themselves enthusiasts in some way. Per usual, we’ve curated these recommendations based on hands-on testing we’ve done over the course of 2019. If none of these items fit your shopping list’s needs, though, take a look at our previous gift guides for the home, the office, the road, and affordable gadgets for additional inspiration. For now, though, let’s indulge a little in the latest and greatest tech.
The Razer Viper is marketed as a competitive gaming mouse, and it works well for that purpose. But it’s excellent for everyday use as well. The main draw here is lightness: at just 69 grams, the Viper is a breeze to slide around. It has a flatter shape and might appeal more to “claw” grippers than its peers, but it’s contoured gently on the top and sides, with a slightly flared-out bottom that gives room for your palm to rest. Everyone has their preferences when it comes to mice design, but something this light and uncomplicated should present little fatigue over the course of the day.
Beyond that, the Viper’s RGB lighting is limited to subtle changes on the Razer logo, so it doesn’t come off as gaudy the way other gaming mice do. The main right and left buttons feel quick and crisp, due in part to an optical switch design that makes double-clicks rare. They should also keep the Viper more durable over time. (For what it’s worth, we’ve tested the mouse for four months and have encountered no reliability issues thus far.) The scroll wheel is a bit on the slower side but still comes off smooth. The optical sensor has up to a 16,000 DPI resolution, which is overkill, but it tracks smoothly and consistently across surfaces all the same. Razer’s companion software is far from required to get the Viper working, but it’s unobtrusive enough, and it can be used to fine tune DPI presets and adjust more granular settings like lift sensitivity. The cable is exceedingly light and flexible. And the whole design is ambidextrous, so lefties aren’t left out in the dark.
There are things to nitpick about the Viper. The side buttons are consistent but sit fairly flush against the side of the mouse. The hard rubberized texture on those sides isn’t quite as grippy as it could be. And while we like the DPI adjustment button being on the bottom of the device, since it makes accidental presses less likely, others may prefer it being more readily accessible on top. It’s not the cheapest mouse, either. But as a gift, the Viper is highly comfortable and performant for power users of all kinds.
SanDisk Extreme Portable SSD
While there are plenty of storage solutions for your home or office data, SanDisk’s Extreme Portable SSD is a good option for data you need with you wherever you go. The surprisingly small, portable SSD is IP55-rated, so it will withstand water and dust, as well as shock and vibrations. It can even be dropped from up to two meters without suffering any damage.
That’s impressive for an SSD that can fit comfortably into the palm of your hand. While it has one USB-C port on it, it comes with both USB-C and USB-A cables so it can be connected to almost any PC. All of this combined makes it one of the easiest SSDs to travel with, and one of the most convenient to use for most people.
Available in 250GB, 500GB, 1TB, and 2TB options, the SanDisk Extreme SSD is also one of the fastest portable storage solutions that we’ve tested. It’s similar to Samsung’s T5 SSD in data read and write speeds, making it one of the fastest you can get that also has a truly portable (and durable) design. Samsung’s T5 SSD is more affordable, but SanDisk’s Extreme SSD is better for power users because it has that extra layer of protection in its design along with the same ease of use as Samsung’s device.
It’s once again that special time of year when we give you a chance to do well by doing good. That’s right—it’s time for the 2019 edition of our annual Charity Drive.
Every year since 2007, we’ve been actively encouraging readers to give to Penny Arcade’s Child’s Play charity, which provides toys and games to kids being treated in hospitals around the world. In recent years, we’ve added the Electronic Frontier Foundation to our annual charity push, aiding in their efforts to defend Internet freedom. This year, as always, we’re providing some extra incentive for those donations by offering donors a chance to win pieces of our big pile of vendor-provided swag. We can’t keep it (ethically), and we don’t want it clogging up our offices anyway. So, it’s now yours to win.
This year’s swag pile is full of high-value geek goodies. We have over 50 prizes amounting to over $4,500 in value, including game consoles, computer accessories, collectibles, smartwatches, and more. In 2018, Ars readers raised over $20,000 for charity, contributing to a total haul of more than $300,000 since 2007. We want to raise even more this year, and we can do it if readers really dig deep.
How it works
Donating is easy. Simply donate to Child’s Play using PayPal or donate to the EFF using PayPal, credit card, or Bitcoin. You can also support Child’s Play directly by picking an item from the Amazon wish list of a specific hospital on its donation page. Donate as much or as little as you feel comfortable with—every little bit helps.
We’ll then contact the winners and have them choose their prize by January 31 (choosing takes place in the order the winners are drawn).
Here are quick descriptions of some of the biggest, most desirable prizes in this year’s contest. See page two for a complete list of available prizes.
Gears 5 Xbox One X bundle
Get in on 4K gaming with this console bundle. It includes a black 1TB Xbox One X, a downloadable copy of Gears 5, two controllers, a controller charging dock, an art book, Gears 5 novelization, a Marcus Fenix toy, a branded Rockstar energy drink can, and more.
GAEMS G170 Sentinel Personal Gaming Environment
Take your HD gaming on the go with this combination console carrying case and 17.3″ IPS FHD display. It features improved sound quality and viewing angles over previous GAEMS carrying cases, and it comes with a power supply, accessory bag, cables, and a remote control.
Logitech G Powerplay wireless charge gaming mouse set
Enjoy the freedom of a wireless gaming mouse without the hassle of having to stop the action to plug in or replace the batteries, thanks to the wireless induction charging in the G Powerplay charging mat. This includes the charging mat (with hard and soft surfaces), G703 and G903 series mice, accessories, and cables for wired gaming options.
Sega Genesis Mini and “Tower of Power” accessories
The Genesis Mini is one of the finest “plug and play” retro consoles out there. But it becomes even cooler with the cosmetic “Tower of Power” set, which adds a miniature replica Sega CD, 32X, and a Sonic the Hedgehog cartridge to the mix. While the “Tower of Power” bundle is on sale in Japan, this US edition was provided exclusively to press.
Nothing grabbing your eye yet? The next page has dozens more prizes you can win by entering. Have a look!
When it comes to the possibility of home broadband competition, we want to believe. And in the case of 5G mobile broadband, wireless carriers want us to believe, too. But whether or not technological and commercial realities will reward that faith remains unclear. As with 5G smartphones, the basic challenge here sits at the intersection of the electromagnetic spectrum and telecom infrastructure economics.
When delivered over millimeter-wave frequencies and their copious amounts of free spectrum, 5G can match the speed and latency of fiber-optic broadband, with downloads of 1 gigabit per second and ping times under 10 milliseconds. But on those frequencies of 24GHz and up, signals struggle to reach more than a thousand feet outdoors. Carriers can fix that by building many more cell sites, each with its own fiber backhaul, but a fiber-to-the-block build-out may not be appreciably cheaper than fiber-to-the-home deployments. And while residences don’t move and don’t mind wireless antennas larger than a shirt pocket—unlike individual wireless subscribers—residences also have walls that often block mmWave signals. (Presumably also unlike individual wireless subscribers.)
The other frequency flavors of 5G (the low- and mid-band ones) don’t suffer mmWave’s allergies to distance or drywall. But they also can’t match its speed or its spectrum availability—which in the context of residential broadband means they may not sustain uncapped bandwidth.
So as much as residential customers might yearn for an alternative to their local telecom monopoly—or for any form of high-speed access besides laggy connectivity from satellites in geosynchronous orbit—5G doesn’t yet rank as a sure thing. There’s a promise, but many things still need to go right for that promise to be fulfilled.
Or, as New Street Research analyst Jonathan Chaplin phrased things in an email: “If your fundamental question is ‘will 5G allow you to dump Comcast’ the answer is absolutely! Depending.”
Verizon’s bet on millimeter-wave broadband
At $70 a month for unlimited data—with a $20 discount if you have a $30 or higher Verizon Wireless smartphone plan—and with download speeds from 300 to 940 megabits per second, the service would compare well with cable even if so many cable Internet plans didn’t include data caps and slap on modem-rental fees.
Reddit threads about the service in Houston, Sacramento and elsewhere offer a mix of praise for its performance (including reports of upload speeds in the range of 200Mbps, significantly faster than what most cable services offer) and complaints about it not being available at individual redditors’ addresses.
“Towards the beginning of service, there were a few firmware issues with the modem Verizon provided, but they patched that within a month,” said a software engineer in Sacramento who asked not to be named. “Since then, there’s not been significant downtime that I noticed.”
“Overall I’m happy with my 5G,” wrote another 5G Home user in Houston who runs a crisis-management firm. “No downtime that I can remember. I don’t have my exact speeds but it seems pretty quick. More than enough for my TV streaming and Web surfing.”
“There were only a few short (less than 30 min?) cases of 5G service downtime that I can recall, and they were all mostly toward the beginning of my service, so I imagine they were able to fix those stability issues quickly enough,” wrote Vincent Garcia, a software engineer in Sacramento. “My speeds seem to be the same as when I first got the service: 300-600 Mbps down, 120-140 Mbps up.”
Garcia noted one other benefit: “One interesting thing I’ve noticed is that other ISPs in my area seem to have stepped up their game in terms of value (at least in terms of their initial contract period).”
One early fear raised about millimeter-wave 5G, that it would suffer from “rain fade” akin to what cuts out satellite-TV reception during showers, doesn’t yet appear to have emerged as a serious problem. Those Reddit discussions about Verizon’s service don’t mention it, while a Twitter search reveals no firsthand reports of rain-faded 5G.
Ashutosh Dutta, a research scientist at the Johns Hopkins University’s Applied Physics Laboratory, pointed to a 2019 study by researchers at the Indian Institute of Information Technology Kalyani and the University of Calcutta’s Institute of Radio Physics and Electronics in West Bengal, India. They found that “proper fade mitigation techniques” can keep even heavy rain from disrupting millimeter-wave communication at frequencies up to 40 GHz. Verizon’s 5G Home, at 28 and 39 GHz, sits on the forgiving side of that line.
So far, our 2019 holiday gift guide series has covered gifts for those on a budget, gifts for frequent travelers, and gifts for the home. Today, we’re turning our attention to the office and general productivity needs.
Below you’ll find another hand-picked batch of recommendations based on a year’s worth of product testing. These are thoughtful yet pragmatic gifts to help improve your friends’ and family’s work spaces through technology. From password managers to keyboards to business-friendly laptops, we know firsthand that each of the products below can make productive time less of a slog.
Most workplaces require you to have more usernames and passwords than you’d like. Instead of clicking that “forgot password” button once a week, 1Password can help organize and store all of your work and personal account credentials. As long as you can remember one password, the program will do the rest of the heavy lifting.
1Password keeps all of your usernames and passwords, along with secure notes, credit card numbers, and other sensitive information of your choosing, in a vault that’s secured with AES-256 encryption and a secret key that only you know. It also syncs across all of your devices, allowing you to quickly log in to any of your accounts with just a couple taps or clicks. 1Password also has browser extensions for the most popular browsers so, when you inevitably create a new account somewhere on the web, you can quickly save it to 1Password without thinking twice about it.
Solid security, seamless integration, and ease of use have made 1Password one of my most used programs on a daily basis. It’s sped up my workflow immeasurably, and I spend much less time fumbling with temporary passwords and emailed security codes thanks to it. And at $2.99 per month, it’s one of the most affordable ways you can make your work and personal lives a little bit easier.
Nekteck 4-port 72W USB Wall Charger
If your loved one has many devices that often need charging at the same time, the Nekteck 4-port 72W USB Wall Charger should make their day-to-day less of a headache. It’ll keep them in arm’s length of four USB charging ports, including a 60W USB-C Power Delivery (PD) port that’s capable of refilling nearly all recent smartphones and many Ultrabooks and MacBooks (15-inch MacBook Pro notwithstanding) at maximum speeds. Nekteck includes a three-foot USB-C to USB-C cable in the box, and there are three 12W USB-A ports alongside the PD port that can charge other accessories at a more traditional rate. (Just note that the whole thing can only output 72W total at a time, so you won’t get the full 12W out of each USB-A port if more than one is in use simultaneously.)
The charger connects via an AC outlet, but at 3.14×3.74×1.97 inches, the station itself won’t chew up a ton of room on a desk. It’s also been certified by the USB Implementers Forum—a body headed by Apple, Intel, and other tech giants that looks over the USB spec—so you can be confident that it won’t fry anyone’s devices over time. Plus, at $30, it’s good value for the amount of power it packs.
A good wireless keyboard can be hard to find, but Logitech’s Craft is one of the more luxurious ones that stands out. Primarily, it’s a solid keyboard that’s relatively quiet and has decent travel, and the experience doesn’t falter even after months of continuous use. It also has a great battery life—it charges via USB-C and will last weeks on a single charge, even when used every day for hours at a time. It conveniently connects to your PC via Bluetooth or the included universal USB receiver as well.
A peculiar perk is the dial that sits at the Craft’s top-left corner. It can be programmed using Logitech options (along with other mappable keys) to do different things like adjust volume, switch tabs, and edit a photo’s contrast and brightness, and more depending on the program you’re currently using. That makes it a natural pick for creatives who will find the dial’s precision better than that of a trackpad or a mouse, but it’s also just a convenient tool for regular users as well.
A design flaw in the KeyWe smart lock (GKW-2000D), which is mostly used for remote-controlled entry to private residences, can be exploited by attackers to gain access to the dwellings, F-Secure researchers have found.
To add insult to injury, in its present incarnation the lock can’t receive firmware updates, meaning that the security hole can’t be easily plugged.
About KeyWe smart lock
KeyWe smart lock is developed by the Korean company KeyWe, which raised money for it on Kickstarter.
The lock can be opened via an application (Wi-Fi, Bluetooth), an armband (NFC), through a touchpad (numeric code), or mechanically (with a regular key).
It has additional options like generating one-time guest codes, unlocking the door based on proximity, etc.
About the vulnerability and the attack
F-Secure security consultants acquired the KeyWe Smart Lock by pledging on Kickstarter.
They analyzed its hardware and firmware, as well as the hardware and firmware of the accompanying KeyWe bridge (which is used to connect the lock to a wireless network) and the code of the associated Android app.
They discovered that, while the company did implement some security protections for the lock and app (not so much the bridge), a flaw in the in-house developed key exchange protocol can be exploited to, ultimately, get the secret key needed to unlock the lock.
“The hardware needed [to perform the attack] is a board able to sniff Bluetooth Low Energy traffic. It can be bought for ~10$ and used out-of-the-box,” Krzysztof Marciniak, cyber security consultant at F-Secure, told Help Net Security.
“In terms of software, this requires additional work from the attacker – in our case a Python script was developed, but pretty much any language can be used as long as it can interact with a Bluetooth controller. It should also be mentioned that the mobile application needs to be analyzed (one needs to retrieve the key generation algorithm) in order to execute this attack.”
The user doesn’t even have to lock/unlock the door with the application for the attacker to intercept the operator password – they just need to run/open the mobile application. Once the app is run, it connects to the lock to check its status, and the password can be intercepted.
The attacker (or just the intercepting device) must be within 10-15 meters from the victim for the traffic interception to work. The recording of the traffic can later be analyzed to extract the key value needed to generate the lock-opening key.
More technical information about their research and discovery can be found here and here, but since the lock can’t receive firmware updates, the researchers decided not to share some crucial details.
Symptoms of a larger problem
The vendor has acknowledged the issue and is working on fixing it, the researchers noted, but since the lock has no firmware upgrade functionality, already deployed locks will remain vulnerable.
“The mobile application does use Bluetooth (Smart/Low Energy), so that option is not safe either. NFC could be used to counter this attack, but it is prone to other attacks (cloning the access key [armband], intercepting the traffic with proper equipment etc.),” Marciniak told us.
“The touchpad option, however, seems to be the right fallback here. That being said, the mobile application should still be paired with a mobile device – otherwise a malicious user can pair with it without any additional owner confirmation.”
Lock owners will need to replace the lock or live with the risk. The vendor told the researchers that new iterations of the app will contain a fix for this issue and, equally important, new locks will have the firmware upgrade functionality.
One cannot say that no attention has been given to security, the researchers noted, but rolling your own in-house cryptography is always a risky proposition, and so is doing no threat modeling before design and development.
“Security isn’t one size fits all. It needs to be tailored to account for the user, environment, threat model, and more. Doing this isn’t easy, but if IoT device vendors are going to ship products that can’t receive updates, it’s important to build these devices to be secure from the ground up,” Marciniak pointed out.
He recommends that consumers consider the security implications of internet connectivity before replacing their offline devices with online versions, and advises device vendors to perform security assessments on their products as part of their design.
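The class of flaw described above, as an added example that is not from the article, F-Secure, or KeyWe: a constructed in-house key derivation whose inputs are all either shipped in the app or sent over the air, reviewed next to an X25519 exchange (RFC 7748). `APP_CONSTANT`, the nonce scheme and every function name are hypothetical; the real protocol's details were withheld by the researchers.

```python
import hashlib
import secrets

P = 2**255 - 19          # X25519 field prime (RFC 7748)
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """X25519 scalar multiplication per RFC 7748 (readable, not constant-time)."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    k_int = int.from_bytes(k, "little")
    u = bytearray(u_coord)
    u[31] &= 127
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):          # Montgomery ladder, one bit per step
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# Hypothetical constant standing in for "something baked into the mobile app".
APP_CONSTANT = b"constructed-value-shipped-in-every-app-build"


def weak_session_key(app_nonce: bytes, lock_nonce: bytes) -> bytes:
    """Constructed in-house scheme: every input is in the app binary or on the air."""
    return hashlib.sha256(APP_CONSTANT + app_nonce + lock_nonce).digest()


def weak_exchange():
    """Return (endpoint_key, transcript); the transcript is what a BLE capture holds."""
    app_nonce, lock_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    transcript = {"app_nonce": app_nonce, "lock_nonce": lock_nonce}
    return weak_session_key(app_nonce, lock_nonce), transcript


def ecdh_exchange():
    """Return (endpoint_key, transcript, private_scalars) for an X25519 exchange."""
    app_priv, lock_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    app_pub, lock_pub = x25519(app_priv, BASE_POINT), x25519(lock_priv, BASE_POINT)
    app_key = hashlib.sha256(x25519(app_priv, lock_pub)).digest()
    lock_key = hashlib.sha256(x25519(lock_priv, app_pub)).digest()
    if app_key != lock_key:
        raise RuntimeError("endpoints disagree on the session key")
    transcript = {"app_pub": app_pub, "lock_pub": lock_pub}
    return app_key, transcript, (app_priv, lock_priv)


def review_weak_scheme() -> bool:
    """True if the key is recomputable from the capture plus the app constant."""
    key, transcript = weak_exchange()
    recomputed = weak_session_key(transcript["app_nonce"], transcript["lock_nonce"])
    return recomputed == key


def review_ecdh_scheme() -> bool:
    """True if the capture lacks what the derivation needs: no private scalar is in
    it, and substituting a scalar the reviewer picks yields a different key."""
    key, transcript, privs = ecdh_exchange()
    on_air = b"".join(transcript.values())
    leaked = any(p in on_air for p in privs)
    guess = hashlib.sha256(
        x25519(secrets.token_bytes(32), transcript["lock_pub"])
    ).digest()
    return not leaked and guess != key


if __name__ == "__main__":
    print("weak scheme recomputable from capture:", review_weak_scheme())
    print("X25519 key withheld from capture:     ", review_ecdh_scheme())
```

Unauthenticated X25519 only addresses the passive capture described in the article; an active man-in-the-middle still requires the public keys to be authenticated, for example during pairing.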
We’re going to try something a little different this morning. Partially in response to several requests for more maker-focused videos and partially because my executive producer is head-over-heels in love with Pocket Circuit racing in Yakuza 0, we’re bringing you the first in what we hope to make into a series called “Mini Motors,” and it’s all about tiny cars going really fast.
RC racing in all its various forms has always been a maker-y kind of hobby, and Mini 4WD serves as an excellent genre example to start with. You take a 1:30-scale battery-powered car, spend days carefully and patiently tuning the crap out of it, and then you set it loose on a curving track as fast as its little wheels can make it go—up to 40 miles per hour (about 65km/h). The Mini 4WD that wins does so by a mixture of careful planning, careful engineering, and a big heaping of pure luck.
Must go faster
For this video, we spent time talking Mini 4WD with Randy Holt, owner of the HobbyTown store in Toms River, New Jersey. The biggest factor that sets Mini 4WD apart from other RC cars is that Mini 4WD cars are hands-off during the race—once the green flag waves, the cars are on their own. They zip around the track, steered by the cars’ built-in bumpers and rollers pushing against the track walls. Though the track appears to have multiple lanes in parallel, it’s actually a single lane that spirals around the circuit, connected by a jump-over. This ensures that all the Mini 4WDs on the track are all racing the same total distance (because otherwise the inner lanes would be shorter than the outer lanes).
Holt gives us a nice overview of Mini 4WD cars, the different race classes, and a bit of a primer on tuning and engineering. The big takeaway is that the sport is friendly to newcomers and easy to get into—you can spend $15 or so on the Tamiya Yaris shown in the video, which can be assembled and ready to race in about 45 minutes. It’s also a hobby that grows with you, and at the extreme end—if your interest runs that deep—you might find yourself adding carbon fiber parts and tweaking rollers and brakes by the millimeter to eke out faster lap times. Mini 4WD has something for all levels of racer, from casual to crazy.
A whole new world
This video has also been my introduction to 4WD Mini—and it’s a vast world with a long history, stretching back to the ’90s. Video editor Aulistar Mark is a veritable fountain of 4WD Mini trivia, and he passed this tidbit to me in email as the edit was being locked:
Mini 4WD is an interesting international phenomenon. One aspect we didn’t get into, is the 90s Anime Bakusō Kyōdai Let’s & Go!! which is bound to come up in the comments. Bakusō Kyōdai Let’s & Go!!, was localized in the US as the Saturday morning cartoon “Let’s & Go!!”. The series also had several licensed games for multiple platforms in the 90s, with a couple remasters released for mobile. This would be a precursor to the Yakuza series Mini 4WD mini-game. It’s great stuff for nostalgia, since the 90s cartoons were very much made like Bandai/Hasbro cartoons designed to sell toys.
If you guys like this pilot and like the series concept, we’d love to hear some ideas in the comments for additional racing circuit types to check out—please let us know!
Artificial Intelligence—or, if you prefer, Machine Learning—is today’s hot buzzword. Unlike many buzzwords that have come before it, though, this stuff isn’t vaporware dreams—it’s real, it’s here already, and it’s changing your life whether you realize it or not.
A quick overview of AI/ML
Before we go too much further, let’s talk quickly about that term “Artificial Intelligence.” Yes, it’s warranted; no, it doesn’t mean KITT from Knight Rider, or Samantha, the all-too-human unseen digital assistant voiced by Scarlett Johansson in 2013’s Her. Aside from being fictional, KITT and Samantha are examples of strong artificial intelligence, also known as Artificial General Intelligence (AGI). On the other hand, artificial intelligence—without the “strong” or “general” qualifiers—is an established academic term dating back to the 1955 proposal for the Dartmouth Summer Project on Artificial Intelligence (DSRPAI), written by Professors John McCarthy and Marvin Minsky.
All “artificial intelligence” really means is a system that emulates problem-solving skills normally seen in humans or animals. Traditionally, there are two branches of AI—symbolic and connectionist. Symbolic means an approach involving traditional rules-based programming—a programmer tells the computer what to expect and how to deal with it, very explicitly. The “expert systems” of the 1980s and 1990s were examples of symbolic (attempts at) AI; while occasionally useful, it’s generally considered impossible to scale this approach up to anything like real-world complexity.
Artificial Intelligence in the commonly used modern sense almost always refers to connectionist AI. Connectionist AI, unlike symbolic AI, isn’t directly programmed by a human. Artificial neural networks are the most common type of connectionist AI, also sometimes referred to as machine learning. My colleague Tim Lee just got done writing about neural networks last week—you can get caught up right here.
If you wanted to build a system that could drive a car, instead of programming it directly you might attach a sufficiently advanced neural network to its sensors and controls, and then let it “watch” a human driving for tens of thousands of hours. The neural network begins to attach weights to events and patterns in the data flow from its sensors that allow it to predict acceptable actions in response to various conditions. Eventually, you might give the network conditional control of the car’s controls and allow it to accelerate, brake, and steer on its own—but still with a human available. The partially trained neural network can continue learning in response to when the human assistant takes the controls away from it. “Whoops, shouldn’t have done that,” and the neural network adjusts weighted values again.
Sounds very simple, doesn’t it? In practice, not so much—there are many different types of neural networks (simple, convolutional, generative adversarial, and more), and none of them is very bright on its own—the brightest is roughly similar in scale to a worm’s brain. Most complex, really interesting tasks will require networks of neural networks that preprocess data to find areas of interest, pass those areas of interest onto other neural networks trained to more accurately classify them, and so forth.
One last piece of the puzzle is that, when dealing with neural networks, there are two major modes of operation: inference and training. Training is just what it sounds like—you give the neural network a large batch of data that represents a problem space, and let it chew through it, identifying things of interest and possibly learning to match them to labels you’ve provided along with the data. Inference, on the other hand, is using an already-trained neural network to give you answers in a problem space that it understands.
Both inference and training workloads can operate several orders of magnitude more rapidly on GPUs than on general-purpose CPUs—but that doesn’t necessarily mean you want to do absolutely everything on a GPU. It’s generally easier and faster to run small jobs directly on CPUs rather than invoking the initial overhead of loading models and data into a GPU and its onboard VRAM, so you’ll very frequently see inference workloads run on standard CPUs.
We could all use a little more help around our home, and luckily now there’s a lot of tech that can lend a hand. There are a plethora of smart home devices that can do everything from lock your doors, vacuum your carpets, or keep a watchful eye over your possessions while you’re away.
Wading through the ocean of smart home tech isn’t easy—and, admittedly, much of the smart home space is not worth your time or your money. However, we’ve tried (and personally purchased) many home tech devices that actually do deliver on what they promise. These items make keeping your home how you like it much easier.
Not all of the home tech we recommend falls into the large and nebulous category of “the Internet of Things,” either—some are kitchen appliances, home speakers, gaming accessories, and other devices that most people primarily use in the home in order to make that space feel more like our own. So after a lot of lived-in testing time, here’s all of the home tech that we think would make great gifts this holiday season.
Philips Hue lights
One of the easiest ways to start making your home smarter is with smart light bulbs, and Philips’ Hue line is a good option. First, you can get white or color bulbs—while most will be happy with plain, ol’ white, color bulbs can be fun if you want to add personality to a room with color-changing light scenes.
Second, all Hue bulbs connect to a bridge that comes with most Hue starter packs. The bridge helps the lights communicate with each other and with your home Wi-Fi, which is how you control them. Using the Hue mobile app, you can turn on and off individual lights or an entire room’s lights, dim them to your liking, and set schedules. You can have all the lights in your home come on before you arrive home from work, so you’re not walking into a dark house.
Third, Hue light bulbs connect to a bunch of other smart home systems like Works with Alexa, IFTTT, Apple HomeKit, the Google Assistant, and more. That means you can control your lights using voice commands or other smart commands that you customize. Not only are Hue lights an easy and affordable way to get into smart home tech, but they also make the lights in your home even more convenient to control on a regular basis.
Philips Hue White and Color starter set
Zojirushi rice cooker
I make a lot of rice and I’ve gone through at least two rice cookers in the process. After my last $25 rice cooker broke on me, I decided to invest in the Zojirushi NS-TSC10 Micom rice cooker and—this is not hyperbole—it’s changed my cooking life. Gone are the days of burnt or undercooked rice as Zojirushi’s magical machine has propelled me into a world where all kinds of rice are cooked to perfection every single time.
I attribute this to actually reading the directions that come with the rice cooker. If you do this and follow the instructions, washing the rice before cooking and using the proper settings on the cooker itself, everything made in this machine will be tasty. In addition to rice, Zojirushi’s machine comes with a steaming basket for steaming vegetables and other foods, and it even has a cake setting.
But the machine truly shines when making rice. You don’t have to guess how much water to include as the interior pot has indicators for that, and you don’t have to guess cooking times either. The machine senses how much rice and water you put into the pot and automatically sets the cooking time. All you have to do is wait for it to play a cute little jingle as soon as your rice is done and then experience rice heaven. I’ll never go back to a cheap rice cooker again, and I implore anyone who eats a lot of rice to consider a Zojirushi machine.
Zojirushi NS-TSC10 rice cooker
The long-touted fifth generation of wireless communications is not magic. We’re sorry if unending hype over the world-changing possibilities of 5G has led you to expect otherwise. But the next generation in mobile broadband will still have to obey the current generation of the laws of physics that govern how far a signal can travel when sent in particular wavelengths of the radio spectrum and how much data it can carry.
For some of us, the results will yield the billions of bits per second in throughput that figure in many 5G sales pitches, going back to early specifications for this standard. For everybody else, 5G will more likely deliver a pleasant and appreciated upgrade rather than a bandwidth renaissance.
That doesn’t mean 5G won’t open up interesting possibilities in areas like home broadband and machine-to-machine connectivity. But in the form of wireless mobile device connectivity we know best, 5G marketing has been writing checks that actual 5G technology will have a lot of trouble cashing.
A feuding family of frequencies
The first thing to know about 5G is that it’s a family affair—and a sometimes-dysfunctional one.
Wireless carriers can deploy 5G over any of three different ranges of wireless frequencies, and one of them doesn’t work anything like today’s 4G frequencies. That’s also the one behind the most wild-eyed 5G forecasts.
Millimeter-wave 5G occupies bands much higher than any used for 4G LTE today—24 gigahertz and up, far above the 2.5 GHz frequency of Sprint, hitherto the highest-frequency band in use by the major US carriers.
At those frequencies, 5G can send data with fiber optic speeds and latency—1.2 Gbps of bandwidth and latency from 9 to 12 milliseconds, to cite figures from an early test by AT&T. But it can’t send them very far. That same 2018 demonstration involved a direct line of sight and only 900 feet of distance from the transmitter to the test site.
Those distance and line-of-sight hangups still persist, although the US carriers that have pioneered millimeter-wave 5G say they’re making progress in pushing them outward.
“Once you get enough density of cell sites, this is a very strong value proposition,” said Ashish Sharma, executive vice president for IoT and mobile solutions at the wireless-infrastructure firm Inseego. He pointed in particular to recent advances in solving longstanding issues with multipath reception, when signals bounce off buildings.
Reception inside those buildings, however, remains problematic. So does intervening foliage. That’s why fixed-wireless Internet providers using millimeter-wave technology like Starry have opted for externally placed antennas at customer sites. Verizon is also selling home broadband via 5G in a handful of cities.
Below millimeter-wave, wireless carriers can also serve up 5G on mid- and low-band frequencies that aren’t as fast or responsive but reach much farther. So far, 5G deployments outside the US have largely stuck to those slower, lower-frequency bands, although the industry expects millimeter-wave adoption overseas to accelerate in the next few years.
“5G is a little more spectrally efficient than 4G, but not dramatically so,” mailed Phil Kendall, director of the service provider group at Strategy Analytics. He added that these limits will be most profound on existing LTE spectrum turned over to 5G use: “You are not going to be able to suddenly give everyone 100Mbps by re-farming that spectrum to 5G.”
And even the American carriers preaching millimeter-wave 5G today also say they’ll rely on these lower bands to cover much of the States.
For example, T-Mobile and Verizon stated early this year that millimeter-wave won’t work outside of dense urban areas. And AT&T waited until it could launch low-band 5G in late November to start selling service to consumers at all; the low-resolution maps it posted then show that connectivity reaching into suburbs.
Sprint, meanwhile, elected to launch its 5G service on the same 2.5GHz frequencies as its LTE, with coverage that is far less diffuse than millimeter-wave 5G. Kendall suggested that this mid-band spectrum will offer a better compromise between speed and coverage: “Not the 1Gbps millimeter-wave experience but certainly something sustainable well in excess of 100Mbps.”
The Federal Communications Commission is working to make more mid-band spectrum available, but that won’t be lighting up any US smartphones for some time.
(Disclosure: I’ve done a lot of writing for Yahoo Finance, a news site Verizon owns.)
Some games entice you into playing them with loud marketing campaigns, sexualized cover art, or the promise of ludicrous over-the-top violence. But then there are games like Lorne Lanning’s Oddworld series—games that don’t lead with muscle- or bikini-clad heroes and defy easy categorization. Games like Oddworld tempt you into playing by promising a different kind of experience. There are guns and violence, sure, but the setting is strange, the plot is filled with gray, and the hero—well, Abe isn’t exactly sexy, or really even, you know, human.
But players who gave the original Oddworld a chance back in 1997 found themselves stumbling through a unique and fascinating world that was equal parts surprising and subversive, and the series has gone on to acquire legitimate cult-success status. With the approaching release of Oddworld: Soulstorm in 2020, we thought it was a good time to pay a visit to Lorne Lanning and his team at Oddworld Inhabitants, and talk about our favorite meat processing factory worker and his long journey from design notebook to screen.
“Write what you know,” they say…
We interviewed Lanning at the Emeryville, CA headquarters of Oddworld Inhabitants, the studio he co-founded with Sherry McKenna in 1994. For Oddworld fans, the office was a magical place, stuffed with the kind of memorabilia that amasses over more than two decades of game design. Lanning walked us through his journey to become a game creator, starting from his poor beginnings in what sounds like an unstable family. He got into video games because his father had a job at Coleco, and Lanning thought gaming would be a good way to meet girls.
Lanning’s ambitions weren’t aimed at the small screen—he had his eyes set on making movies. To pay the bills, he took a job at TRW Aerospace, where he worked on anti-missile defense systems (it was the 1980s, and Reagan’s Strategic Defense Initiative boondoggle was in full swing). His exposure to soul-crushing bureaucracy and supplier management formed the basis for many of the Brazil-esque ideas later presented in the Oddworld games.
But it’s the time Lanning spent at Rhythm and Hues Studios that had the biggest effect on Oddworld—at least the series’ collective look and feel. Working on visual effects set him on the path of visualizing game design in terms of cinema—not just how things were framed on screen, but also the discipline and budgeting style of the movie industry. When Lanning and McKenna (a fellow Rhythm and Hues alum) eventually started their own studio in the 90s, they approached their game and their character designs in the way Hollywood does. This obviously is de rigueur in 2019, but in 1995 when work on Oddworld started, it was most definitely not the industry norm.
When designing the first Oddworld game, Lanning and his team had to confront an annoying reality of game design—there are only so many ways to interact with the world in a side-scrolling action game, and a lot of those ways involve shooting stuff. And one of the immovable design goals of Oddworld was that protagonist Abe would go through the entire game without being armed—not because of any kind of political stance against guns, but because having Abe unarmed increases the character’s vulnerability in a world that’s already overwhelmingly hostile. A gun would provide an easy solution to many of the game’s problems, and where’s the fun in that?
It took some time to work out a solution, but Lanning and the other designers decided that characters like Yoda don’t need guns to solve problems. They instead infused the game with a pastiche of mysticism drawn from a number of different sources, which gave Abe his secret weapon: the ability to possess other characters, including bad guys with guns. This let them then design in some puzzles involving shooting, which the player can solve by finding a bad guy, taking over his body, and having the bad guy shoot his way through the puzzle. To prevent the player from picking up the bad guy’s gun after the puzzle is solved, NPCs violently explode after possession.
An Odd(world) legacy
This video ended up being extremely long in the rough cut because Lanning gave us so much great interview material. We had to trim out quite a bit, but we’ll be producing an extended version if there’s enough interest in this video. There are several rabid Oddworld fans here at the Ars Orbiting HQ, and this video, like several others in the War Stories series, was a passion project with a lot of emotion invested in it (not to mention some custom voiceover lines performed by Lanning just for us!). We hope you enjoy watching it as much as we enjoyed making it.
Greetings, Arsians! The Dealmaster is back with a jumbo-sized roundup of hand-picked Cyber Monday tech deals. To be candid, many of the discounts we’re seeing on Black Friday’s sister holiday are similar to what we saw last week. We do have some new offers worth noting, including new Nintendo Switch bundles, a Sonos speaker sale, monitor deals, and more. Still, for online tech deals, Cyber Monday is primarily a good opportunity to capitalize on the discounts you may not have checked out on Black Friday.
Not that this is a bad thing. Even after sorting through all the junk on offer, we’ve still got a boatload of worthwhile deals that cover just about every type of tech gadget. As we did with our Black Friday deals list, we’ve highlighted a few deals we particularly like ahead of our full rundown. You can see it all below.
(P.S. Because the Dealmaster is a company guy, he’ll note that Ars has its own Cyber Monday sale: New Ars Pro++ subscribers can get discounts on a YubiKey 5c or YubiKey 5 NFC device.)
The last decade has seen remarkable improvements in the ability of computers to understand the world around them. Photo software automatically recognizes people’s faces. Smartphones transcribe spoken words into text. Self-driving cars recognize objects on the road and avoid hitting them.
Underlying these breakthroughs is an artificial intelligence technique called deep learning. Deep learning is based on neural networks, a type of data structure loosely inspired by networks of biological neurons. Neural networks are organized in layers, with inputs from one layer connected to outputs from the next layer.
Computer scientists have been experimenting with neural networks since the 1950s. But two big breakthroughs—one in 1986, the other in 2012—laid the foundation for today’s vast deep learning industry. The 2012 breakthrough—the deep learning revolution—was the discovery that we can get dramatically better performance out of neural networks with not just a few layers but with many. That discovery was made possible thanks to the growing amount of both data and computing power that had become available by 2012.
Greetings, Arsians! The Dealmaster is back with another round of discounts to share—and, well, it’s the big one. While the holiday sales have been steadily trickling out over the past few weeks, it’s now Black Friday, which means the floodgates are officially open for tech deals across the Web.
Now, as is often the case with major shopping events like this, the majority of the offers retailers are pushing don’t totally hold up. Sometimes the prices aren’t much lower than you’ll see at other points in the year, other times the products aren’t worth buying in the first place. (If there’s a product you’re interested in but don’t see below, we recommend using a price-tracking site to ensure you’re not overpaying.) But with lots of consumer tech, Black Friday and Cyber Monday often do result in the lowest prices of the year. With that in mind, the Dealmaster has been burning the midnight oil to find the Black Friday tech deals that are most worth considering. You can find the fruits of his labor below.
There are simply too many notable deals going on now to give a quick recap here, but we’ve called out a few of our favorite offers based on testing the Dealmaster and the rest of the Ars team has done in the past. There’s a truckload of discounts on video games, PC gear, headphones, TVs, streaming devices, and more alongside that. We’ll do our best to update this roundup as deals expire and new ones become available, but for now, let’s try to make your holiday shopping a little less hectic.
Leaves are turning. Temperatures have dipped. These are sure signs—if you live in the Northern Hemisphere, at least—that Canonical’s Autumn release is upon us. Things are a bit different in 2019, however. Not only is Ubuntu 19.10 nicknamed Eoan Ermine (no, I don’t know how you pronounce it either), but it’s the best non-LTS Ubuntu release Canonical has ever put out.
I should qualify that statement somewhat, because really, as the newest version, it had damn well better be the best Ubuntu ever. But there’s more than recency bias behind the sentiment. I’ve been reviewing Ubuntu for 10 years now, and I was using and interacting with this distro in some form or another for another three or four years before that. After spending recent weeks with Ubuntu 19.10, I can say confidently it is quite simply the best Ubuntu Canonical has ever released.
The first reason I like 19.10 so much is that it feels insanely fast. Everyday tasks like opening applications, dragging windows, activating the search interface, and even just moving the cursor around are all noticeably faster than in 19.04. The speed boost is immediately noticeable from the minute you pop in the live CD, and it’s even faster once you have 19.10 installed.
Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—is aided by radios to safely land at airports. These instrument landing systems (ILS) are considered precision approach systems, because unlike GPS and other navigation systems, they provide crucial real-time guidance about both the plane’s horizontal alignment with a runway and its vertical angle of descent. In many settings—particularly during foggy or rainy night-time landings—this radio-based navigation is the primary means for ensuring planes touch down at the start of a runway and on its centerline.
Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply assume that the tones their radio-based navigation systems receive on a runway’s publicly assigned frequency are legitimate signals broadcast by the airport operator. This lack of security hasn’t been much of a concern over the years, largely because the cost and difficulty of spoofing malicious radio signals made attacks infeasible.
Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world. Using a $600 software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly and create a potential accident as a result.
One attack technique is for spoofed signals to indicate that a plane’s angle of descent is more gradual than it actually is. The spoofed message would generate what is sometimes called a “fly down” signal that instructs the pilot to steepen the angle of descent, possibly causing the aircraft to touch the ground before reaching the start of the runway.
The video below shows a different way spoofed signals can pose a threat to a plane that is in its final approach. Attackers can send a signal that causes a pilot’s course deviation indicator to show that a plane is slightly too far to the left of the runway, even when the plane is perfectly aligned. The pilot will react by guiding the plane to the right and inadvertently steer over the centerline.
The researchers, from Northeastern University in Boston, consulted a pilot and security expert during their work, and all are careful to note that this kind of spoofing isn’t likely to cause a plane to crash in most cases. ILS malfunctions are a known threat to aviation safety, and experienced pilots receive extensive training in how to react to them. A plane that’s misaligned with a runway will be easy for a pilot to visually notice in clear conditions, and the pilot will be able to initiate a missed approach fly-around.
Another reason for measured skepticism is the difficulty of carrying out an attack. In addition to the SDR, the equipment needed would likely require directional antennas and an amplifier to boost the signal. It would be hard to sneak all that gear onto a plane in the event the hacker chose an onboard attack. If the hacker chose to mount the attack from the ground, it would likely require a great deal of work to get the gear aligned with a runway without attracting attention. What’s more, airports typically monitor for interference on sensitive frequencies, making it possible an attack would be shut down shortly after it started.
In 2012, researcher Brad Haines, who often goes by the handle Renderman, exposed vulnerabilities in the automatic dependent surveillance broadcast—the broadcast systems planes use to determine their location and broadcast it to others. He summed up the difficulties of real-world ILS spoofing this way:
“If everything lined up for this, location, concealment of gear, poor weather conditions, a suitable target, a motivated, funded and intelligent attacker, what would their result be? At absolute worst, a plane hits the grass and some injuries or fatalities are sustained, but emergency crews and plane safety design means you’re unlikely to have a spectacular fire with all hands lost. At that point, airport landings are suspended, so the attacker can’t repeat the attack. At best, pilot notices the misalignment, browns their shorts, pulls up and goes around and calls in a maintenance note that something is funky with the ILS and the airport starts investigating, which means the attacker is not likely wanting to stay nearby.
“So if all that came together, the net result seems pretty minor. Compare that to the return on investment and economic effect of one jackass with a $1,000 drone flying outside Heathrow for 2 days. Bet the drone was far more effective and certain to work than this attack.”
Still, the researchers said that risks exist. Planes that aren’t landing according to the glide path—the imaginary vertical path a plane follows when making a perfect landing—are much harder to detect even when visibility is good. What’s more, some high-volume airports, to keep planes moving, instruct pilots to delay making a fly-around decision even when visibility is extremely limited. The Federal Aviation Administration’s Category III approach operations, which are in effect for many US airports, call for a decision height of just 50 feet, for instance. Similar guidelines are in effect throughout Europe. Those guidelines leave a pilot with little time to safely abort a landing should a visual reference not line up with ILS readings.
“Detecting and recovering from any instrument failures during crucial landing procedures is one of the toughest challenges in modern aviation,” the researchers wrote in their paper, titled Wireless Attacks on Aircraft Instrument Landing Systems, which has been accepted at the 28th USENIX Security Symposium. “Given the heavy reliance on ILS and instruments in general, malfunctions and adversarial interference can be catastrophic especially in autonomous approaches and flights.”
What happens with ILS failures
Several near-catastrophic landings in recent years demonstrate the danger posed by ILS failures. In 2011, Singapore Airlines flight SQ327, with 143 passengers and 15 crew aboard, unexpectedly banked to the left about 30 feet above a runway at the Munich airport in Germany. Upon landing, the Boeing 777-300 careened off the runway to the left, then veered to the right, crossed the centerline, and came to a stop with all of its landing gear in the grass to the right of the runway. The image directly below shows the aftermath. The image below that depicts the course the plane took.
An incident report published by Germany’s Federal Bureau of Aircraft Accident Investigation said that the jet missed its intended touchdown point by about 1,600 feet. Investigators said one contributor to the accident was localizer signals that had been distorted by a departing aircraft. While there were no reported injuries, the event underscored the severity of ILS malfunctions. Other near-catastrophic accidents involving ILS failures include Air New Zealand flight NZ 60 in 2000 and Ryanair flight FR3531 in 2013. The following video helps explain what went wrong in the latter event.
Vaibhav Sharma runs global operations for a Silicon Valley security company and has flown small aviation airplanes since 2006. He is also a licensed ham radio operator and a volunteer with the Civil Air Patrol, where he is trained as a search-and-rescue flight crew and radio communications team member. He’s the pilot controlling the X-Plane flight simulator in the video demonstrating the spoofing attack that causes the plane to land to the right of the runway.
Sharma told Ars:
“This ILS attack is realistic but the effectiveness will depend on a combination of factors including the attacker’s understanding of the aviation navigation systems and conditions in the approach environment. If used appropriately, an attacker could use this technique to steer aircraft towards obstacles around the airport environment and if that was done in low visibility conditions, it would be very hard for the flight crew to identify and deal with the deviations.”
He said the attacks had the potential to threaten both small aircraft and large jet planes but for different reasons. Smaller planes tend to move at slower speeds than big jets. That gives pilots more time to react. Big jets, on the other hand, typically have more crew members in the cockpit to react to adverse events, and pilots typically receive more frequent and rigorous training.
The most important consideration for both big and small planes, he said, is likely to be environmental conditions, such as weather at the time of landing.
“The type of attack demonstrated here would probably be more effective when the pilots have to depend primarily on instruments to execute a successful landing,” Sharma said. “Such cases include night landings with reduced visibility or a combination of both in a busy airspace requiring pilots to handle much higher workloads and ultimately depending on automation.”
Aanjhan Ranganathan, a Northeastern University researcher who helped develop the attack, told Ars that GPS systems provide little fallback when ILS fails. One reason: the types of runway misalignments that would be effective in a spoofing attack typically range from about 32 feet to 50 feet, since pilots or air traffic controllers will visually detect anything bigger. It’s extremely difficult for GPS to detect malicious offsets that small. A second reason is that GPS spoofing attacks are relatively easy to carry out.
“I can spoof GPS in synch with this [ILS] spoofing,” Ranganathan said. “It’s a matter of how motivated the attacker is.”