shift change 2024-3

Welcome to shift change, reports from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence. 

1. I linked an article about drone security yesterday; let’s link one about regular old big-plane security issues and one of my favorite topics: electronic warfare.

Planes and drones share similar security issues: people and radios. But all security systems have people problems, so let’s talk electronic warfare, a.k.a. radios. If you can transmit and receive, it takes a lot of work (power, encryption, the fickle mistress of timing, among others) to make sure that you are transmitting and receiving a non-malicious or non-interfering signal. The sky is full of electromagnetic signals sine-waving through the environment. One way our society (and government) mitigates these threats is spectrum management: limiting certain activities, like two-way radios or GPS, to certain frequency bands, and then monitoring those bands. Just take a look at most modern consumer electronics in your home or possession: somewhere on there is a warning that the device is designed to accept interference. That’s right, accept interference, but another way of saying that is: they aren’t designed with enough power to cause interference with other devices. Power output restrictions and frequency management with monitoring are administrative aspects of electronic protect, one of the aspects of electronic warfare, along with electronic attack and electronic warfare support. Electronic protect works to ensure your access to the bounties of the electromagnetic spectrum, electronic attack works to deny your adversary the same bounties of communication and coordination, and electronic warfare support is the variety of tasks that fall outside clear lines of attack and defense but work to make sure either is available to use.

One of the difficulties in protecting the non-drone fleet of aircraft? Finding a 747 to test on:

Ken Munro, a partner at the U.K.-based cybersecurity firm Pen Test Partners, says there are numerous other systems attackers could potentially exploit. But it can often be hard for researchers to identify weaknesses in aircraft systems because, unlike consumer electronics, you can’t just pick one up at a store and test it. To get around that problem, he worked out a way to borrow a 747 that had ended up in an aircraft graveyard during the pandemic. “We rang them up and said, ‘Hey, if we pay you for the ground power, can we come and play?’” he says. “And they said ‘yes.’”

2. The barriers to entry for hacking continue to fall, as younger people with less equipment do more, like using a hotel TV and Amazon Fire Stick to hack Rockstar and spread the GTA 6 trailers.

is that a firestick? hacking has occurred.

Most write-ups I’ve seen for this story don’t have much in terms of technical details about how he used a Fire Stick, but since the Fire Stick runs a fork of Android, and jailbreaking Fire Sticks (and really, any popular consumer-facing operating system) is a well-known cottage industry by now, it shouldn’t be surprising! It’s resourceful and malicious (this kid was also already in custody facing criminal charges relating to hacking), but it should not be surprising.

3. OpenAI moves its Data Controller responsibilities in Europe to its Irish subsidiary starting February 15, 2024.

sorry, "sub" we meant we got us an Irish sub(sidiary)

GDPR is the global leader in privacy regulation impact: a boon for consumers seeking to exercise their rights, and a burden for companies trying to meet those requirements. As a consumer, I want more protection, more rights, more relief. But I also have a competing desire for that product or service. Here, GDPR allows a company to consolidate its responsibilities in a primary office, something other big tech companies have chosen to do as well, with a hint as to why Ireland:

If OpenAI gains GDPR main established status in Ireland, obtaining lead oversight by the Irish DPC, it would join the likes of Apple, Google, Meta, TikTok and X, to name a few of the multinationals that have opted to make their EU home in Dublin.
The DPC, meanwhile, continues to attract substantial criticism over the pace and cadence of its GDPR oversight of local tech giants. And while recent years have seen a number of headline-grabbing penalties on Big Tech finally rolling out of Ireland, critics point out the regulator often advocates for substantially lower penalties than its peers.