
Latest news with #Defcon

A Special Diamond Is the Key to a Fully Open Source Quantum Sensor

WIRED

a day ago

  • Science

Aug 9, 2025 2:40 PM

Quantum sensors can be used in medical technologies, navigation systems, and more, but they're too expensive for most people. That's where the Uncut Gem open source project comes in.

Quantum computing is either a distant dream or an imminent reality depending on who you ask. And while much of this year's Quantum Village at the Defcon security conference in Las Vegas is focused on emerging research and threat analysis, village cofounders Victoria Kumaran and Mark Carney are also working to make a currently available quantum technology more accessible to hackers and anyone else. In a main-stage Defcon talk on Saturday, the pair will present an open source and affordable quantum sensor that can serve a variety of uses, from medical technologies to GPS alternatives. And it's all powered by a special yet affordable diamond with particular atomic properties.

The first generation design could be assembled for about $120 to $160 depending on suppliers and shipping times. The second version that Kumaran and Carney are presenting this weekend can be built for even less, and the pair says that they will release a third version this fall based on community testing and input that they hope will cost just $50 to build.

Quantum sensors detect extremely slight variations in magnetic and electrical fields, enabling ultra-precise measurements. Atomic clocks that keep nearly perfect time, for example, are quantum sensors that have been in use for decades. For researchers and enthusiasts interested in learning more about quantum sensing, though, the barrier to entry has been quite high. So the Quantum Village's relatively affordable, open source 'Uncut Gem' project creates a real opportunity for more people to build their own quantum sensors and explore the technology.
'You can do things you wouldn't have been able to do before, like using quantum sensors to start building portable MRI-style devices that can be used in all different countries,' Kumaran told WIRED ahead of their presentation. 'These are diamonds with defects, synthetic diamonds that are the cheapest off-cuts you can get. I think there's something a bit poetic that synthetic diamonds have this utility.'

Most of the components needed for the quantum sensor are simple off-the-shelf computing parts, but the diamond needs to be what's known as a 'nitrogen-vacancy diamond.' Its special molecular properties are thanks to the presence of nitrogen atoms that replace some carbon atoms in the diamond's atomic structure.

In addition to potential medical applications, quantum sensors can be used in alternative navigation technologies that track electromagnetic wave interference. Such tools could be used as local alternatives to GPS in the case of global system failures or targeted jamming. US Space Force is currently testing what a release called the 'highest-performing quantum inertial sensor ever tested in space.'

For the vast majority of people who don't have access to the world's highest performing quantum sensors, though, the Uncut Gem project represents an opportunity to democratize and expand quantum sensing technology. The project joins others in different fields of hacking that have been geared toward low-cost, accessible designs and components.

Independent researcher Davide Gessa has been testing the Uncut Gem schematics and code. 'I'm in the final phase of casting the diamond with the electronics—I hope to finish the device in about two weeks,' Gessa told WIRED. 'I'm following the instructions from the official project, but I made some customizations, too. My hope is to exploit this device to do some quantum computing experiments and also use it for random number generation. All my edits will be open source, so everyone can replicate and improve it.'
Uncut Gem prototype sensors have already been able to detect magnetic wave fluctuations in a chaotic conference hall as well as a heartbeat from a few feet away from a subject. Software is vital in quantum sensing, because even the most refined and high-quality hardware still picks up noise in the environment that needs to be reconciled and filtered to focus the sensor's output on the intended detection.

'The reason we're calling it the first fully open source is because, to the best I've found, other papers give you some schematics—and we've referenced those—but there's no one other place that you could go that has the PCB [printed circuit board], the source of diamonds, the designs, the schematics, the firmware, and also a repository of knowledge about how it works so you can get started,' Carney, of the Quantum Village, told WIRED.

While quantum sensors, and certainly the Uncut Gem sensor, still have a long way to go before delivering the accuracy and ease-of-use of a Star Trek tricorder, Carney and Kumaran emphasize that the purpose of the project is simply to get actual quantum technology out to the world as quickly as possible.

'Open sourcing this is really important to us,' Carney says. 'Is it a good sensor? Excuse me, but fuck no. There are much better sensors. Could it be a better sensor? Absolutely, and that will happen if we can get people to take part in open source and iterate it.'

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World

WIRED

2 days ago

  • Business

Aug 8, 2025 7:21 PM

At the Defcon security conference in Las Vegas on Friday, Nakasone tried to thread the needle in a politically fraught moment while hinting at major changes for the tech community around the corner.

The Trump administration's radical changes to United States fiscal policy, foreign relations, and global strategy—combined with mass firings across the federal government—have created uncertainty around US cybersecurity priorities that was on display this week at two of the country's most prominent digital security conferences in Las Vegas.

'We are not retreating, we're advancing in a new direction,' Cybersecurity and Infrastructure Security Agency chief information officer Robert Costello said on Thursday during a critical infrastructure defense panel at Black Hat.

As in other parts of the federal government, the Trump administration has been combing intelligence and cybersecurity agencies to remove officials seen as disloyal to its agenda. Alongside these shifts, the White House has also been hostile to former US cybersecurity officials. In April, for example, Trump specifically directed all departments and agencies to revoke the security clearance of former CISA director Chris Krebs. And last week, following criticism from far-right activist Laura Loomer, the secretary of the Army rescinded an academic appointment that former CISA director Jen Easterly had been scheduled to fill at West Point.

Amid all of this, former US National Security Agency and Cyber Command chief Paul Nakasone spoke with Defcon founder Jeff Moss in an onstage discussion on Friday, focusing on AI, cybercrime, and the importance of partnerships in digital defense.

'I think we've entered a space now in the world where technology has become political and basically every one of us is conflicted,' Moss said at the beginning of the discussion.
Nakasone, who is on the board of OpenAI, agreed, citing Trump's January launch of the 'Stargate' AI infrastructure initiative flanked by Oracle's Larry Ellison, SoftBank's Masayoshi Son, and OpenAI's Sam Altman. 'And then two days later, just by chance, [the Chinese generative AI platform] DeepSeek came out,' Nakasone deadpanned. 'Amazing.'

Nakasone also reflected on demographic differences between the US federal government and the tech sector. 'When I was the director of NSA and commander of US Cyber Command, every single quarter I would go to the Bay or I'd go to Texas or Boston or other places to see technology,' he said. 'And every place that I went to, I was twice the age of the people that talked to me. And then when I came back to DC and I sat at the table, I was one of the younger people there. OK, that's a problem. That's a problem for our nation.'

Throughout the discussion, Nakasone largely geared his remarks toward efforts to counter traditional US rivals and adversaries, including China, Iran, North Korea, and Russia, as well as specific digital threats. 'Why aren't we thinking differently about ransomware, which I think right now is among the great scourges that we have in our country,' he said. 'We are not making progress against ransomware.'

At times, though, Moss attempted to steer the conversation toward geopolitical changes and conflicts around the world that are fueling uncertainty and fear. 'How do you be neutral in this environment? Can you be neutral? Or is the world's environment since last year, Ukraine, Israel, Russia, Iran, just take your pick, America—how does anybody remain neutral?' Moss asked at the beginning of the conversation. Later he added, 'I think because I'm so stressed out by the chaos of the situation, I'm trying to feel how do I get control?'
Referencing these remarks and comments Moss had made about turning to open source software platforms as a community-building alternative to multinational tech companies, Nakasone hinted at Moss' notion that the world is entering a precarious state of flux. 'This is going to be an interesting storyline that we play out through '25 and '26. When we come back [to Defcon] next year to have this discussion, will we still be able to have this sense of, oh, we're truly neutral? I sense not. I think it's going to be very, very difficult.'

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

WIRED

2 days ago

  • Business

Aug 8, 2025 1:00 PM

A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them.

Top streaming services like Netflix and Disney+ have made sustained investments over the years to lock their content down. Whenever they can, they prevent users from accessing videos without a subscription or watching region-blocked content. New findings presented today at the Defcon security conference in Las Vegas, though, indicate that streaming platforms used for things like internal corporate broadcasts and sports livestreams can contain basic design flaws that allow anyone to access a vast swath of content without logging in.

Independent researcher Farzan Karimi first realized years ago that misconfigurations in application programming interfaces, or APIs, exposed streaming content to unauthorized access. In 2020 he disclosed a set of such flaws to Vimeo that could have allowed him to access close to 2,000 internal company meetings along with other types of livestreams. The company quickly fixed the issue at the time, but the finding left Karimi with concerns that similar problems could be lurking in other platforms.

Years later, he realized that by refining a technique for mapping how APIs retrieve data and interact, he could look for other vulnerable platforms. At Defcon, Karimi is presenting findings about current exposures in one mainstream sports streaming platform—he is not naming the site because the issues are not yet resolved—and releasing a tool to help others identify the problem in additional sites.

'For a company all hands or other sensitive meeting, there might be key internal information being shared—CEOs or other executives talking about layoffs or sensitive intellectual property,' Karimi told WIRED ahead of his conference talk.
'You can see a bad pattern emerge in how easily you can circumvent authentication to access streams, but this class of issue was previously dismissed as requiring deep knowledge of a given business to identify.'

APIs are services that fetch and return data to whoever requests it. Karimi gives the example that you can search for the movie Fight Club on a streaming platform, and the stream for the movie may come back with information about the length of the movie, trailers, actors in the movie, and other metadata. Multiple APIs work together to assemble all of this information with each fetching certain types of data. Similarly, if you search for Brad Pitt, a set of APIs will interact to deliver Fight Club along with other movies he's starred in like Troy and Seven.

Some of these APIs are designed to require proof of authentication before they will return results, but if a system hasn't been scrutinized deeply, it is common for other APIs to blindly return data without requiring proof of authorization on the assumption that only an authenticated requestor will be in a position to send queries.

'Often there are basically four, five, some number of APIs that have all this metadata, and if you know how to trace through them, you can unlock paywalled content for free,' Karimi says. 'It's a "security through obscurity" model where they would never think that someone would be able to manually connect the dots between these APIs. The automation I'm introducing, though, helps find these authorization flaws quickly at scale.'

Karimi emphasizes that top streaming services are largely locked down and either corrected such API misconfigurations long ago or avoided them from the start. But he emphasizes that more utilitarian platforms for corporate streaming and other live events—including always-on cameras in sports arenas and other venues that are meant to only be accessible at certain times—are likely vulnerable and exposing video that is thought to be protected.
