
Latest news with #AndyGreenberg

Operation Sandworm by Andy Greenberg: Terrifying narrative of a pervasive digital threat

Irish Times

3 days ago


Operation Sandworm: The Hunt for the Kremlin's Elite Cyber Army
Author: Andy Greenberg
ISBN-13: 978-1800963139
Publisher: Monoray
Guideline Price: £10.99

If the world is to face into a wider war, this book tells us a great deal about how it will be fought. It may involve aircraft, tanks, warships, drones and so on. But a big element in any conflict will be cyber warfare. Indeed, in such a scenario, it may well be cyber weaponry that will determine which society or societies – if any – will survive and which will be destroyed.

Author Andy Greenberg is a senior writer for WIRED magazine, sometimes described as the bible of 21st-century digital technology. Here, he presents a narrative that is nothing short of terrifying, detailing the operations of an elite Russian cyber warfare unit within GRU military intelligence – number 74455 and codenamed Sandworm – that has already penetrated digital infrastructure around the planet, manifesting its destructive capabilities in Ukraine and elsewhere.

Russia's missiles and bombers have inflicted enormous damage on Ukraine's power systems, having already plunged the country into the darkness and cold of three eastern European winters. But Sandworm's attacks on the country's electricity grid had begun as early as 2014, according to Greenberg. In 2017 the Petya malware cyber attack on Ukraine's power grid caused an estimated $10 billion in damage, making it the most costly cyber assault the world has known to date.

What the world faces now, according to the author, is 'a hacking superpower waging cyber warfare without restraint, a new threat to the global order whose perpetrators will by no means be limited to Russia – and whose victims won't be limited to Ukraine'.
The author's apprehension over the capacities of aggressive states in cyber warfare is matched by concern in regard to the West's – and particularly the United States's – response to the sort of threat posed by Sandworm and similar projects, sponsored by Russia, China and others. The US C has called out the Russians on Sandworm, naming six key personnel and offering rewards for their capture. But, as he points out, given America's 'fickle' foreign policy at this time, it remains to be seen whether it will hold a strong line on what amounts to cyberterrorism. Calling for a Geneva-style convention to limit state-sponsored cyber hacking, he concludes: 'on the internet, we are all Ukraine'.

The US Is Building a One-Stop Shop for Buying Your Data

WIRED

24-05-2025


Andy Greenberg, Dell Cameron, Andrew Couts
May 24, 2025 6:30 AM

Plus: A mysterious hacking group's secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more.

This week, WIRED launched our Rogues issue—which included going a bit rogue ourselves. WIRED senior correspondent Andy Greenberg flew to Louisiana to see how easy it would be to recreate the 3D-printed gun authorities say they found on Luigi Mangione when they arrested him for the murder of UnitedHealthcare's CEO. The result? It was both easy and legal.

On Wednesday, US, European, and Japanese authorities announced the disruption of one of the world's most widely used infostealer malware. Known as Lumma, the malware was used to steal sensitive information from victims around the world, including passwords, banking information, and cryptocurrency wallet details, according to authorities. Microsoft's Digital Crime Unit aided in the operation, taking down some 2,300 URLs that served as the Lumma infrastructure.

A mysterious database containing more than 184 million records was taken down this week following its discovery by security researcher Jeremiah Fowler. The database contained 47 GB of data, which included information related to Amazon, Apple, Discord, Facebook, Google, Instagram, Microsoft, Netflix, Nintendo, PayPal, Snapchat, Spotify, Twitter, WordPress, Yahoo, and more.

In other news, the US charged 16 Russian nationals for allegedly operating the DanaBot malware, which authorities say was used in a wide variety of attacks, from ransomware to espionage. And a recent webinar revealed how a major venture capitalist helped get Starlink satellite internet activated for Israel following the October 7, 2023 attack by Hamas.

But that's not all. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The US intelligence community is looking to create a marketplace where private information gathered by data brokers under the guise of marketing can be purchased by American spies, The Intercept reports. Contracting data shows the US spy agencies intend to create an 'Intelligence Community Data Consortium' that uses AI tools to sift through people's personal data; information that the Office of the Director of National Intelligence has previously acknowledged 'could facilitate blackmail, stalking, harassment, and public shaming.' In addition to providing insight into Americans' behaviors and religious and political beliefs, commercial data frequently includes precise location information, offering the US government the ability to surveil people's movements without acquiring a warrant—exploiting a widely recognized loophole in US privacy law.

Federal lawmakers attempted to ban the US government from buying what it calls 'commercially accessible information' last year, with the Republican-controlled House passing a version of a law known as the 'Fourth Amendment Is Not For Sale Act.' However, the US Senate, then controlled by the Democratic Party, rejected the legislation. Reporting by WIRED has repeatedly demonstrated how such data can offer US adversaries the ability to monitor the movements of US military and intelligence personnel, including in and around sensitive facilities that house nuclear arms.

A Mysterious Hacking Group Is Revealed to Work for the Spanish Government

Back in 2014, Russian security firm Kaspersky announced it had discovered a sophisticated hacking group it called Careto, Spanish for 'Ugly Face' or 'Mask,' that had targeted victims across Europe and Cuba. Now, more than a decade later, former employees of the company have finally confirmed what Kaspersky wouldn't spell out at the time: That they believe Careto was a rare sighting of hackers working on behalf of the Spanish government.
Careto's targets included energy companies, research institutions, and activists, but it particularly focused on Cuba, likely due to the island nation's giving refuge to members of a Spanish separatist group designated as terrorists by several European countries. Kaspersky's researchers found a Spanish phrase in the hackers' malware code that translates to 'I shit in the sea,' an expletive phrase typically used by Spaniards but not other Spanish speakers. Given the sophistication of Careto's hacking, the public confirmation of Kaspersky's attribution to Spain adds another known player to the game of high-level state-sponsored hacking.

Signal Introduces New Feature to Block Screenshots by Microsoft Recall

Microsoft's Recall feature, which constantly takes and archives screenshots of Windows users' activity, still represents a serious privacy problem—even after Microsoft significantly walked back its rollout in response to criticism. So the encrypted messaging app Signal has gone so far as to exploit a digital rights management feature of Windows typically used to protect copyrighted materials to block Recall from taking screenshots of the app by default on Windows machines. After all, the Recall feature—which will likely be required for some corporate or government users—will essentially remove any privacy promise from Signal's disappearing messages feature for both Recall users and anyone communicating with them. The screenshot-prevention feature can be turned off in Signal's settings, but it will be turned on by default in Windows. 'Microsoft has simply given us no other option,' Signal wrote in a blog post.

Russia's Fancy Bear Hackers Targeted Security Cameras to Spy on Ukraine Aid

The hacker group within Russia's GRU military intelligence agency known as APT28 or Fancy Bear first rose to infamy for its targeting of the 2016 US election, but it's no surprise that the group has more recently focused on Ukraine.
According to a new assessment from no fewer than 11 countries' intelligence agencies, the hacker group has been targeting a broad array of technology and logistics firms involved in providing aid to Ukraine. 'Dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail' have been targeted in the campaign, the advisory reads. Perhaps most notable about the agencies' accusations is that the hackers targeted 10,000 security cameras in countries bordering Ukraine, including at border crossings, military facilities, and train stations. According to the agencies, the GRU hackers also carried out reconnaissance of the network of at least one producer of industrial control system components for railway systems—suggesting a possible intention to attempt sabotage—but didn't actually succeed in breaching the company.

US Indicts Russian National Over Qakbot Malware

The US Department of Justice on Thursday indicted a Russian national, Rustam Gallyamov, on allegations that he designed software that was widely used by ransomware gangs and is known to have infected hundreds of thousands of computers, netting the gangs roughly $8.6 million in profit, according to DOJ figures. Prosecutors say more than $24 million was seized from Gallyamov, 48, over the course of its investigation. Federal charges unsealed this week allege that Gallyamov himself gained access to victims' computers and provided it to an array of cybercriminal organizations, including Dopplepaymer, REvil, Black Basta, and Cactus, among others. The investigation into the now disrupted malware, known as Qakbot, was announced in August 2023 under former US attorney general Merrick Garland, who credited a multinational operation that included Europol and prosecutors and law enforcement agencies in France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom.
Agencies of Canada and Denmark have also been credited in the investigation that targeted Gallyamov.

Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

WIRED

22-05-2025


May 22, 2025 3:28 PM

On today's episode of Uncanny Valley, we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology.

Photo caption: Luigi Mangione attends a pretrial hearing at New York State Supreme Court in New York in February 2025. Photo-Illustration: WIRED Staff

WIRED's Senior Writer, Andy Greenberg, has been reporting on ghost guns for more than a decade. He first used a 3D printer to assemble a gun in 2015, and says that today's process is not only faster, but cheaper. We talk to Andy about how he legally printed the same gun Luigi Mangione allegedly used in the alleged killing of the United Healthcare CEO last year, and whether US law is keeping up with the technology of 3D printed guns.

You can follow Zoë Schiffer on Bluesky at @zoeschiffer and Andy Greenberg on Bluesky at @agreenberg. Write to us at uncannyvalley@

Articles mentioned in this episode:

How to Listen

You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how: If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts and search for 'uncanny valley.' We're on Spotify too.

Transcript

Note: This is an automated transcript, which may contain errors.

Zoë Schiffer: This is Zoë. Before we start, I want to take a chance to remind you that we really want to hear from you. If you have a tech related question that's been on your mind or a topic that you wish we'd covered in the show, write to us at uncannyvalley@ If you listen and enjoy the episodes, please, please rate it and leave a review on your podcast app of choice. It honestly does help other people find us. Welcome to WIRED's Uncanny Valley. I'm WIRED Director of Business and Industry Zoë Schiffer.
Today on the show, WIRED built and tested a 3D-printed pistol, the exact same model of the gun that Luigi Mangione allegedly used in the brutal killing of a health care CEO last year. Untraceable and often built entirely in private, those guns remain legal in some parts of the country due in part to a loophole in the US federal gun control laws. Today we hear about the process of creating a ghost gun, how those laws have evolved over time, and what future regulations may come. I'm joined today by Andy Greenberg, senior writer at WIRED. Andy, welcome to the show.

Andy Greenberg: Glad to be here. Thanks.

Zoë Schiffer: Andy, you've been reporting on ghost guns for a really long time, and you started out this story with a question. Has the law in the United States actually caught up with the technology? I guess I wanted to start by asking you that same question. Has it?

Andy Greenberg: Well, the short answer is no. Even as the technology to make these so-called ghost guns and in particular 3D-printed guns has gotten more powerful, more practical, far, far, cheaper, the law has really lagged behind. It's opened up this space between the technology and the law that has allowed people to make their own guns at home in total privacy and anonymity more easily than ever.

Zoë Schiffer: I remember you saying that the first guns just took hours, and hours, and hours. Now they still take half-a-day, but it's a lot less time.

Andy Greenberg: It's definitely faster. I printed two gun frames in 13 hours for this experiment.

Zoë Schiffer: Wow.

Andy Greenberg: That's probably just a little bit faster than it was 10 years ago, when I first ... I should say 10 years ago, I made an AR-15 ghost gun in WIRED's San Francisco office.

Zoë Schiffer: Oh my gosh.

Andy Greenberg: Three different ways. One of those ways was trying to 3D print the body of the gun known as the lower receiver of an AR-15. For the Glock-style pistol that Luigi Mangione allegedly used, it's called the frame.
I was able to compare how this technology has changed and how well it works to make a gun back then in 2015 and then now. Yes, it's faster, but it's also just much better. And 3D printers are much, much cheaper. That's perhaps the biggest thing of all. The 3D printer that I used back in 2015 to make the body of an AR-15 cost almost $3000 alone. The entire ingredient list for my experiments in making allegedly Luigi Mangione's ghost gun was $1144 or so, plus shipping.

Zoë Schiffer: Wow.

Andy Greenberg: That includes the cost of the printer, which was about $650. That's an enormous drop in price that has made this much more accessible to people, and just a much more practical way to try to obtain one of these guns in a fashion that completely circumvents all US gun control.

Zoë Schiffer: Right, completely. Before we go further on, I think it would be helpful if you just explain for the audience what exactly is a ghost gun. What is the loophole that allows these guns to be made?

Andy Greenberg: Well, a ghost gun is this term that was originally used by gun control advocates, but now has actually been picked up by a lot of gun proponents as well. That basically means a gun that is homemade that has no serial number, and therefore is not registered with any government agency. You don't have to get a background check or show anyone ID. No gun control of any kind to obtain it. In that sense, it's a ghost. The notion really is that you make just the parts of the gun that are regulated under US law, and then you can buy the rest of it off the internet or from stores, or whatever. And assemble it at home.

Zoë Schiffer: Right, yeah. Now we see why it's called a loophole. That's a pretty serious one. I want to actually go off script, because I'm curious how you approached the story. But honestly, when I was reading it I was like, "How the hell did Andy convince our lawyers to let him build not one, but multiple guns in the WIRED office?"
I want to know how those initial conversations actually went.

Andy Greenberg: Well, the trick was in 2015 that I didn't ask anybody.

Zoë Schiffer: Oh, right.

Andy Greenberg: I just did it.

Zoë Schiffer: Right, right, right.

Andy Greenberg: In 2025, that turns out to be a lot harder and we had to ask a lot of lawyers. We had to have an armorer on set, and a medic, and a special firearms specialist lawyer vet this. Then of course, I spoke to lawyers for the piece as well to make sure that what we were doing was legal. And also, to sketch out US gun control in 2025 and this gaping hole in it for homemade guns.

Zoë Schiffer: One of the things we're talking about is what you just mentioned, what has changed since you first started covering the space. You mentioned that the first time you built a 3D-printed gun, you did it in the WIRED office in San Francisco. This time, you actually went to Louisiana. Can you tell me about why that was important? What has changed on the regulatory side?

Andy Greenberg: Well, on some level, US law is trying to catch up with this problem, really at the state level mostly. 3D printing a gun in New York is illegal unless you obtain a serial number for it. That's the same now in California, too. My experiment in San Francisco would now be totally illegal. That's the case in 15 US states, that there are some laws around ghost guns. In fact, there was a ban under Biden from the Bureau of Alcohol, Tobacco, and Firearms on ghost gun kits. These pre-made kits that allow anybody to finish a Glock-style frame or an AR-15 lower receiver from a plastic, or polymer, or even metal part with just a few tools in a matter of minutes. Those kits are not illegal according to the ATF. There was a Supreme Court ruling just in March upholding that ban. Part of what I was trying to find out here is despite a Supreme Court ruling, what's seen as a big crackdown on ghost guns, is this still possible to do legally with a 3D printer? And it is.
The Supreme Court ruling basically said you can't sell parts that are readily convertible into a ghost gun, but it didn't say anything about creating one out of thin air and some plastic filaments out of empty space, which is really what a 3D printer does. What we did in Louisiana, where there is no state law around this, remains a wide open loophole in the law, if you can call it that. If you 3D print a frame of a Glock-style pistol, then you can buy the rest of the parts off the internet and assemble it, and you have a gun that is a ghost gun. An anonymous, fully private, lethal weapon.

Zoë Schiffer: When we get back, we'll get into the details of how Andy actually made and assembled the ghost gun. But for now, we have to go to break. Welcome back to Uncanny Valley. Okay, Andy, I want to get into the gun assembly process. Talk to me about the point from printing, to ordering the parts, to actually putting it together.

Andy Greenberg: The printing is definitely the easiest part in 2025. You really can download these files, these CAD files for gun frames from a bunch of different open source websites run by basically opponents of gun control. Then put them into some software and click print, and 13 hours later, in this case I had two perfect Glock-style frames. It was really remarkable how powerful the 3D printer, and cheap it was, that I was using. The assembly is a lot trickier. That is as hard as ever. It's like assembling a very small piece of Ikea furniture. There's a lot of hammering little pins into place, and assembling the trigger mechanism, and it all has to fit into this small cavity inside of the frame. It took me more than an hour to do, and I was being guided in this process by a 3D-printed gun aficionado. He calls himself Print, Shoot, Repeat, who was really helpful and patient about it. But I think that for people who know what they're doing, this takes 15 or 20 minutes—

Zoë Schiffer: Wow.
Andy Greenberg: —to assemble, once you have some practice at it.

Zoë Schiffer: Okay. Then you shot the gun. What happened? How were you feeling at that moment at the gun range?

Andy Greenberg: Well, before I even shot it, there is this incredible moment when you're building a gun. It feels like this interesting, a little technical process, like making a model airplane or something. Then all of a sudden, I'm getting this slide onto the frame and then it clicks into place. Then you see for the first time that you actually have a gun in your hands, that it's a lethal weapon. The way that you have to treat a gun in your hands is so different from a collection of gun parts. Suddenly, it's this lethal weapon, you have to be careful where you point it. It's a really dramatic moment. It was for me, anyway.

Zoë Schiffer: There was that final part in the assembly where you put on a silencer, like allegedly Luigi Mangione had on his gun, right?

Andy Greenberg: Right. Luigi Mangione, in his backpack allegedly had a 3D-printed silencer too, which is a very new phenomenon, even in the 3D-printed gun world. We built that, too. We 3D-printed a silencer. That actually is one part that's different. It's a felony for me to 3D-print a suppressor, a silencer as it's known. We did have an actual licensed gunsmith, the owner of the range that we were about to test that, who pushed print in that case and helped us to build that silencer. When Luigi Mangione allegedly did that, he would have been breaking the law. I would have been too, if not for having a gunsmith on-hand to help us out.

Zoë Schiffer: Then it started to jam a little bit. Or I don't know the correct term, but it did malfunction, right?

Andy Greenberg: Yeah, it did jam and it misfired several times. We reloaded it and I fired it a bunch more times. It would fire, and then misfire, and fire, and misfire.
We did a bunch of troubleshooting, but ultimately we did get it working as a full semi-automatic handgun that could really empty a whole magazine worth of rounds.

Zoë Schiffer: You also pointed out that Brian Thompson's alleged killer—their gun also malfunctioned. It looked like, from the videos, that they had practiced a fair amount because they were totally unperturbed by the experience that you had, where the gun jammed, and then you had to troubleshoot, and then keep going.

Andy Greenberg: Right. Once we had gotten the gun working as a real semi-automatic, then we put the silencer on, our 3D-printed silencer. The silencer, based on the way that it attaches to the muzzle, it does actually prevent the slide from getting its full range of motion. It no longer actually worked as a true semi-automatic weapon. I had to, every time I pulled the trigger, pull back the slide, rack the gun as they say, which ejects a casing and pushes a new round into the chamber, ready to be fired. You have to manually rack it each time. But when I looked at the surveillance video of allegedly Luigi Mangione killing Brian Thompson, or whoever that was in that video, you can see that they do exactly that. They pull back the slide with every shot. In fact, they seem to be fully prepared to do that. They don't hesitate at all. It was this eerie feeling of realizing that we had arrived at exactly the place where Brian Thompson's killer did. It was this very unnerving feeling of realizing that I was carrying out exactly the same process, I was going through exactly the same sensations of recoil, and racking, and firing again that I was seeing in this actual murder video.

Zoë Schiffer: Talk to me about what proponents of ghost guns say. Why are they for this untraceable and potentially really dangerous technology?

Andy Greenberg: I think there's a whole range of people who are interested in ghost guns and 3D-printed guns.
Cody Wilson, the creator of the first fully 3D-printed gun, I was there in 2013 when he fired for the first time the Liberator, this fully plastic, fully 3D-printed one-shot pistol. He wants to destroy the state. He's a full-on radical Libertarian who believes that actually making gun control impossible, but demonstrating that it is fundamentally impossible. He can use that as a lever to show that "all government is impossible." But then you talk to somebody like Print, Shoot, Repeat, who was the one who helped us out in this experiment. He's also a real advocate for 3D-printed guns. But he told me, "I like this because I like the idea of being able to make my own guns at home. You can experiment with the process, and build guns that are not commercially available, and do it with full anonymity and privacy." I did ask him, "Doesn't that also pose a real risk? Doesn't the ability for anybody essentially to make a gun at home with anonymity and privacy mean that they can use it to commit a crime?" He, like a lot of gun advocates I think in general, his answer was, "Well, freedom is dangerous," and that's the American way, essentially.

Zoë Schiffer: I was really struck by that in your work. That it really felt like their POV was the occasional outburst of violence is the cost of freedom in this country, which is a very different way of seeing the world. My last question is just where do you think this is all heading? What does 3D printing and the way the technology has developed since you first started covering this space tell us about our ability to regulate guns in the United States?

Andy Greenberg: Well, it's just definitely clear that law in this country is not keeping up with technology on this issue. That's a running theme probably of this podcast and everything we do at WIRED. But it's very visible. I feel like this is almost a parable about the ways that technology runs ahead of the law, especially in this country.
And especially in a country where people love to defy the law and break the law. This is one example where Americans, it's the American way to try to have more guns than even our very meager gun control laws would allow us. For me, as someone who's covered 3D-printed guns since 2012, it just strikes me that this topic caught up and even run ahead of me in my reporting. I used to think of this as some future threat that I was describing in this science fictional way. Now it's definitely a present threat. In fact, it took me by surprise in December 2024, when a 3D-printed gun was used allegedly in this massively high profile murder. I don't know. It's a future shock, as Alvin Toffler would call it. Where it's like, "Wow, we are in that future now." This is a particularly scary one.

Zoë Schiffer: We're going to take a quick break. When we come back, we'll share our recommendations for what to read on this week. Welcome back to Uncanny Valley. I'm Zoë Schiffer, WIRED's director of business and industry. I'm joined today by WIRED's Senior Writer Andy Greenberg. Before we take off, Andy, tell our listeners what they need to read on today.

Andy Greenberg: Well, this ghost gun story is part of the Rogue's package as we're calling it, all about people on the edge of the law and breaking the law in interesting ways. There's another story in that package that I thought was incredible, written by my colleague Evan Ratliff. It's about the Zizians, this group that went in an extremely irrational direction—became actually this violent militant group. It's a remarkable piece about their evolution and how they came to do truly horrifying criminal things. There's also this idea in the piece that has just haunted me in the weeks since I read it. It's called Roko's basilisk. It's something that rationalists and AI people talk about.
Which is this notion that, if there is going to be a super intelligent AI in the future, it might punish people who were aware that it could be created and didn't work to create it.

Zoë Schiffer: That's just so weird and scary.

Andy Greenberg: It just really bothers me that there's this idea that's so dangerous you can't even think about it. But I would also say that I have a piece in this Rogue's package also coming out tomorrow that I've been working on for about a year-and-a-half, about at one point the dark web's biggest dealer in DMT, this incredibly potent psychedelic that he made in secret labs across the west half of the US. I hope you'll check that out, too.

Zoë Schiffer: I am very excited for that one. DMT is a big topic of discussion in California these days. I have another recommendation. I feel like the topic of this podcast has been very, at least to me, and I understand I have my own biases here, a bleak vision of the future. But we also have this interview that our fantastic reporter Kate Knibbs did with Jay Graber, the head of Bluesky. She lays out a vision of the future of the social web that I actually found extremely uplifting. I thought it was interesting, because Jay uses a lot of the language that you hear from the cutting-edge tech VCs and executives, but she does it in a way that feels completely different from the future that these other people and a lot of the men lay out. I really found her words compelling and I think everyone should read it. That's our show for today. We'll link to all the stories we spoke about in the show notes. Make sure to check out Thursday's episode of Uncanny Valley, which is about AI in schools and a big question we're having. Is using this technology cheating? Kyana Moghadam and Adriana Tapia produced this episode. Greg Obis mixed this episode. Pran Bandi was our New York studio engineer. Jordan Bell is our executive producer. Conde Nast's Head of Global Audio is Chris Bannon.
Katie Drummond is WIRED's global editorial director.

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi

WIRED

29-04-2025


Lily Hay Newman, Andy Greenberg
Apr 29, 2025 8:30 AM

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.

Apple's AirPlay feature enables iPhones and MacBooks to seamlessly play music or show photos and videos on other Apple devices or third-party speakers and TVs that integrate the protocol. Now newly uncovered security flaws in AirPlay mean that those same wireless connections could allow hackers to move within a network just as easily, spreading malicious code from one infected device to another. Apple products are known for regularly receiving fixes, but given how rarely some smart-home devices are patched, it's likely that these wirelessly enabled footholds for malware, across many of the hundreds of models of AirPlay-enabled devices, will persist for years to come.

On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine. Another set of AirBorne vulnerabilities would have allowed hackers to exploit AirPlay-enabled Apple devices too, Apple told Oligo, though these bugs have been patched in updates over the last several months, and Apple tells WIRED that those bugs could have only been exploited when users changed default AirPlay settings.

Those Apple devices aside, Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions.
'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.' Despite Oligo working with Apple for months to patch the AirBorne bugs in all affected devices, the Tel-Aviv-based security firm warns that the AirBorne vulnerabilities in many third-party gadgets are likely to remain hackable unless users act to update them. If a hacker can get onto the same Wi-Fi network as those vulnerable devices—whether by hacking into another computer on a home or corporate network or by simply connecting to the same coffeeshop or airport Wi-Fi—they can surreptitiously take over these gadgets. From there, they could use this control to maintain a stealthy point of access, hack other targets on the network, or add the machines to a botnet of infected, coordinated machines under the hacker's control. Oligo also notes that many of the vulnerable devices have microphones and could be turned into listening devices for espionage. The researchers did not go so far as to create proof-of-concept malware for any particular target that would demonstrate that trick. Oligo says it warned Apple about its AirBorne findings in the late fall and winter of last year, and Apple responded in the months since then by pushing out security updates. The researchers collaborated with Apple to test and validate the fixes for Macs and other Apple products. Apple tells WIRED that it has also created patches that are available for impacted third-party devices. The company emphasizes, though, that there are limitations to the attacks that would be possible on AirPlay-enabled devices as a result of the bugs, because an attacker must be on the same Wi-Fi network as a target to exploit them. Apple adds that while there is potentially some user data on devices like TVs and speakers, it is typically very limited. 
Below is a video of the Oligo researchers demonstrating their AirBorne hacking technique to take over an AirPlay-enabled Bose speaker to show their company's logo. (The researchers say they didn't intend to single out Bose, but just happened to have one of the company's speakers on hand for testing.) Bose did not immediately respond to WIRED's request for comment. The AirBorne vulnerabilities Oligo found also affect CarPlay, the radio protocol used to connect to vehicles' dashboard interfaces. Oligo warns that this means hackers could hijack a car's automotive computer, known as its head unit, in any of more than 800 CarPlay-enabled car and truck models. In those car-specific cases, though, the AirBorne vulnerabilities could only be exploited if the hacker is able to pair their own device with the head unit via Bluetooth or a USB connection, which drastically restricts the threat of CarPlay-based vehicle hacking. The AirPlay SDK flaws in home media devices, by contrast, may present a more practical vulnerability for hackers seeking to hide on a network, whether to install ransomware or carry out stealthy espionage, all while hiding on devices that are often forgotten by both consumers and corporate or government network defenders. 'The amount of devices that were vulnerable to these issues, that's what alarms me,' says Oligo researcher Uri Katz. 'When was the last time you updated your speaker?' The researchers originally started thinking about this property of AirPlay, and ultimately discovered the AirBorne vulnerabilities, while working on a different project analyzing vulnerabilities that could allow an attacker to access internal services running on a target's local network from a malicious website. In that earlier research, Oligo's hackers found they could defeat the fundamental protections baked into every web browser that are meant to prevent websites from having this type of invasive access on other people's internal networks. 
While playing around with their discovery, the researchers realized that one of the services they could access by exploiting the bugs without authorization on a target's systems was AirPlay. The crop of AirBorne vulnerabilities revealed today is unconnected to the previous work, but was inspired by AirPlay's properties as a service built to sit open and at the ready for new connections. And the fact that the researchers found flaws in the AirPlay SDK means that vulnerabilities are lurking in hundreds of models of devices—and possibly more, given that some manufacturers incorporate the AirPlay SDK without notifying Apple and becoming 'certified' AirPlay devices. 'When third-party manufacturers integrate Apple technologies like AirPlay via an SDK, obviously Apple no longer has direct control over the hardware or the patching process,' says Patrick Wardle, CEO of the Apple device-focused security firm DoubleYou. 'As a result, when vulnerabilities arise and third-party vendors fail to update their products promptly—or at all—it not only puts users at risk but could also erode trust in the broader Apple ecosystem."

End-to-End Encrypted Texts Between Android and iPhone Are Coming

WIRED

time15-03-2025

  • Business
  • WIRED

End-to-End Encrypted Texts Between Android and iPhone Are Coming

By Andy Greenberg and Dhruv Mehrotra, Mar 15, 2025 6:30 AM

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm's secret (and problematic) cofounder is revealed, and more.

Knifings, firebombings, shootings, and murder-for-hire plots—all linked to a splinter group of the 764 crime network called 'No Lives Matter.' According to its own manifesto, the group seeks to 'purify mankind through endless attacks' and has released at least two 'kill guides' tied to violent plots in the US and Europe. Intelligence documents reviewed by WIRED reveal growing concern among analysts, but experts remain unsure how to stop the group's spread.

On Monday, X experienced intermittent outages after a botnet flooded the social network with junk traffic in an attempt to take down its system. Elon Musk stated that the distributed denial-of-service attack originated from Ukrainian IP addresses, implying that the country—already under siege by a Russian invasion and frequently mocked by the centibillionaire—may have been responsible. Security experts tell WIRED that this is not how DDoS attacks work.

Meanwhile, inside the Cybersecurity and Infrastructure Security Agency, mass layoffs are hurting US cyberdefense, weakening protections against foreign adversaries. Vital staff cuts have left employees overworked and strained international partnerships, according to interviews with staff at the agency that helps safeguard cities, businesses, and nonprofits from cyberattacks. 'A lot of people are scared,' says one employee. 'We're waiting for that other shoe to drop. We don't know what's coming.'

As WIRED takes you inside the agencies at the center of the uncertainty and chaos of the second Trump administration, we've updated our quick and easy guide to using Signal to help you get the most out of the messaging app's end-to-end encryption.

That's not all. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

End-to-End Encrypted Texts Between Android and iPhone Are on the Way

Those 'green bubbles,' the cross-platform text messages that annoy iPhone owners and keep Android users relegated to a group-chat underclass, aren't just a cultural disconnect. They're also a security issue: Text messages sent between Android and iOS devices—unlike blue-bubble iMessage texts or Android-to-Android messages—aren't end-to-end encrypted, leaving them open to surveillance or interception.

Now, that may finally be changing. The GSM Association, responsible for many widely used telecom standards, this week announced that its Rich Communication Services (or RCS) protocol will now support end-to-end encryption for cross-platform texting, and Apple revealed that it will now integrate that feature of RCS into its iOS devices. Until now, Apple and Google had both supported RCS's other features in texts sent between iOS and Android, but not end-to-end encryption, which ensures that only the devices sending and receiving messages can decrypt them and not any server or snoop that sees them in transit.

Neither Apple nor the GSMA has said exactly when the new privacy features are launching. Until then, anyone sending cross-platform messages would be wise to stick with apps like WhatsApp or Signal that have long provided end-to-end encryption—and have also helped Android and iPhone users avoid personal disputes over bubble colors.

Sean Plankey Nominated as Head of CISA, America's Top Cybersecurity Agency

The White House has tapped Sean Plankey to run CISA, the agency within the Department of Homeland Security primarily responsible for American digital defense. Plankey, long considered the leading contender for the role, served in multiple cybersecurity positions in the first Trump administration and previously held senior roles in US Cyber Command. In that DOD agency focused on cyber offense, he served as a weapons and tactics branch chief and earned a Bronze Star for hacking operations in Afghanistan.

CISA, like many federal agencies, has faced hundreds of personnel cuts in recent weeks, and its previous director, Chris Krebs, came under harsh criticism under the previous Trump administration for the agency's work to counter disinformation and secure elections. Krebs was fired in a Trump tweet near the end of his term after CISA described the 2020 election, whose results Trump baselessly contested, as the 'most secure in American history.'

Elon Musk Visits the National Security Agency

Not even the National Security Agency has been spared from Elon Musk's scorched-earth campaign to gut the federal government. On Wednesday, The Wall Street Journal reported that Musk had visited the intelligence agency in Fort Meade, meeting with leadership to discuss staff reductions and operational changes, according to current and former US officials who spoke to the Journal.

Despite being one of the most insulated branches of US intelligence, the NSA has still found itself pulled into Musk's orbit. The visit to Fort Meade is another sign of the sweeping nature of his influence and the extraordinary access the world's richest man has been granted over even the most secretive federal operations.

Last month, staff at the intelligence agency received emails offering deferred resignations, signaling impending changes. Then, a week ahead of his visit, Musk publicly called for an overhaul of the intelligence and cybersecurity agency. Posting to his social media site X, Musk wrote, 'The NSA needs an overhaul,' alongside an apparent agency recruitment graphic featuring a group of college-aged people of color and a list of universities where the NSA was conducting outreach—seemingly mocking the agency's recruitment efforts.

A Buzzy Crypto Cracking Firm Had a Hidden CoFounder Accused of Sexual Assault

The cryptocurrency recovery firm Unciphered has made headlines with its feats of whitehat wallet cracking on behalf of customers who have lost access to their cryptocurrency fortunes. In the fall of 2023, for instance, the company cracked a model of encrypted IronKey USB drive believed to hold 7,000-plus bitcoins now worth well over half a billion dollars.

Now, The Washington Post reports that one of the cofounders of that company was Morgan Marquis-Boire, a once-lauded hacker and security researcher for Google and Citizen Lab who was later accused of sexually assaulting multiple women. The reported involvement of Marquis-Boire, who has largely disappeared from the cybersecurity world after facing the sex crime accusations in 2017, was kept secret from even many of the startup's staff, and the revelations of his role have left the company in 'disarray,' according to the Post.

A Reporter Behind an Indian Hacker-for-Hire Story Is Fighting to Regain His Citizenship

In November of 2023, Raphael Satter was one of a team of Reuters reporters who published an in-depth feature on Appin Technology, a startup that allegedly hacked numerous celebrity and civil society targets on behalf of clients. A group with a similar name responded by suing, and obtained a court ruling that for a time successfully censored Reuters' story—a remarkable case of an Indian judge restricting free speech internationally.

Satter is now fighting a different battle following publication of that story. In late 2023, his Overseas Citizen of India (OCI) card—a kind of international citizenship extended to foreign citizens of Indian origin and those married to Indians—was revoked around the same time as the judge filed the injunction. A letter sent to Satter in December of that year accused him of 'maliciously creating adverse and biased opinion against Indian institutions in the international arena.' Satter is now petitioning a Delhi court to reverse that revocation, which has prevented him from entering India to visit family there.
