Latest news with #hackers
Bloomberg
3 hours ago
- Bloomberg
Columbia Hack Affected 870,000 People, Included Some Health Data
A recent breach of Columbia University's computer systems compromised personal information of about 870,000 people, including students and applicants, according to the school's reports to state officials in the US. The hack included 'any personal information' provided in connection with applications or was collected during students' studies, according to drafts of letters from the university to potentially affected individuals. That includes contact details, demographic information, academic history, financial aid-related information and insurance and health-related data shared with the university, the letters state.
WIRED
6 hours ago
- WIRED
It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug
By Andy Greenberg and Joseph Cox Aug 8, 2025 9:00 AM A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device. Photo-Illustration: Wired Staff;A couple of years ago, a curious, then-16-year-old hacker named Reynaldo Vasquez-Garcia was on his laptop at his Portland-area high school, seeing what computer systems he could connect to via the Wi-Fi—'using the school network as a lab,' as he puts it—when he spotted a handful of mysterious devices with the identifier 'IPVideo Corporation.' After a closer look and some googling, Garcia figured out that a company by that name was a subsidiary of Motorola, and the devices he'd found in his school seemed to be something called the Halo 3C, a 'smart' smoke and vape detection gadget. 'They look just like smoke detectors, but they have a whole bunch of features like sensors and stuff,' Garcia says. This article was created in partnership with 404 Media, a journalist-owned publication covering how technology impacts humans. For more stories like this, sign up here. As he read more, he was intrigued to learn that the Halo 3C goes beyond detecting smoke and vaping—including a distinct feature for discerning THC vaping in particular. It also has a microphone for listening out for 'aggression,' gunshots, and keywords such as someone calling for help, a feature that to Vasquez-Garcia immediately raised concerns of more intrusive surveillance. Now, after months of reverse engineering and security testing, Vasquez-Garcia and a fellow hacker he's partnered with who goes by the pseudonym 'Nyx,' have shown that it's possible to hack one of those Halo 3C gadgets—which they've taken to calling by the nickname 'snitch puck'—and take full control of it. At the Defcon hacker conference today, they plan to show that by exploiting just a few relatively simple security vulnerabilities, any hacker on the same network could have hijacked a Halo 3C to turn it into a real-time audio eavesdropping bug, disabled its detection capabilities, created fake alerts for vaping or gunshots, or even played whatever sound or audio they chose out of the device's speaker. Motorola said it has since developed a firmware update to address those security flaws that will automatically push to cloud-connected devices by Friday. Manyof the hackers' tricks are on display in a video demo below, which the Vasquez-Garcia and Nyx made ahead of their Defcon presentation: The Halo 3C's vulnerabilities would have potentially allowed a teen hacker on a school network to take control of a Halo 3C for epic mischief or abuse. The sensor's capabilities also ignite fears that school administrators or even police could have done the same to eavesdrop on unsuspecting students in a school bathroom. Schools are increasingly subject to all sorts of surveillance technology, from AI-powered weapons detectors, to 'face analytics' cameras, to keystroke loggers on student computers. One concern of the researchers is that technology like the Halo 3C could be turned against a student speaking about seeking an abortion, for instance. In marketing material, Motorola says the Halo 3C sensor 'is ideal for observing health and safety in privacy-concern areas, such as restrooms and changing facilities, where video and audio recording is not permitted.' (Motorola said that the sensor is programmed with wake words, such as 'Help, 911,' and does not record or stream audio.) 'To the credit of the company, the microphones sound great,' says Nyx. 'From up on the ceiling, you could totally listen to what somebody was saying, and we've made this happen.' Motorola told the hackers in an email that it has worked on a new firmware update that should fix the vulnerabilities. But the hackers argue that doesn't, and can't, address the underlying concern: that a gadget loaded with hidden microphones is installed in schools around the country. Motorola also advertises its Halo sensors for use in public housing—including inside residents' homes—according to marketing material. 'The unfortunate reality is there's a microphone connected to a computer that's connected to the network,' says Nyx. 'And there's no software patching that will make that not possible to use as a listening device.' Motorola pitches the Halo 3C as an 'all-in-one intelligent security device' in its marketing material. Its notifications 'enable security teams at schools, hospitals, retail stores and more to respond to potentially critical events faster, helping to establish a safer environment,' it says. After Vasquez-Garcia got curious about the Halo 3C two years ago, he and Nyx—an older hacker he met at his local hackerspace—bought one on eBay and took it apart. Their physical teardown revealed the Halo 3C is essentially a Raspberry Pi micro computer with a bunch of sensors attached, including one for temperature or humidity, an accelerometer, and others for air quality that detect different gases. One feature jumped out: a couple of microphones. 'Seeing this device is getting put into buildings and having microphones in it,' says Nyx, 'it's kind of a huge red flag.' A disassembled Halo 3C smoke and vape detector found to include microphones. Courtesy of Reynaldo Vasquez-Garcia and Nyx To hack the Halo 3C, they found that if they could connect to one over the network it was installed on, they could brute-force guess its password with virtually no rate limitations due to a flaw in how it tried to throttle those guesses. 'It's trivially possible to guess passwords as quickly as the thing can respond to you,' says Nyx. That meant they could guess roughly 3,000 passwords a minute, and crack any insufficiently complex password relatively quickly. Once they had administrator access to a Halo 3C, they found they could update its firmware to whatever they chose: Despite its security measures that attempted to require those firmware updates to be encrypted with a certain cryptographic key, that key was in fact included in firmware updates available on the Halo's website. 'They're handing you a locked box where the key is taped to the underside,' Nyx says. 'As long as you know to look down there, you can open it up.' A Motorola Solutions spokesperson said in a statement: 'Motorola Solutions designs, develops and deploys our products to prioritize data security and protect the confidentiality, integrity and availability of data. A firmware update is available, and we are working with our customers and channel partners to deploy the update together with our additional recommendations and industry best practices for security.' Marketing material available online says the Halo 3C uses a 'Dynamic Vape Detection algorithm' which can sense nicotine, THC, and when someone is trying to mask their vaping with aerosols. Halo can also 'alert security teams to motion after hours' and includes a 'spoken keyword feature.' 'The HALO Smart Sensor can detect specific spoken keywords that immediately alert security to a potential issue. Pre-defined keywords like 'help' are particularly valuable in environments such as schools, where bullying is a concern, or for teachers in need of assistance, as well as nurses and hospital patients,' the marketing material adds. Another section says the sensors can be used to detect 'bullying or aggression' in schools. The marketing material also says Halo sensors have been used in public housing units in New York. 'The sensors helped SSHA [the Saratoga Springs Housing Authority] reduce risks, enforce nonsmoking rules, and protect vulnerable residents, with plans for further installations across the housing authority,' it says. Nyx argues that the notion of requiring public housing residents to keep a hackable device that can become an audio eavesdropping tool in their apartment may represent the most disturbing application of the Halo 3C. 'That kind of took it up a notch as far as how egregious this entire product line is,' Nyx says. 'Most people have an expectation that their home isn't bugged, right?' As sensors like the Halo 3C proliferate across schools and even homes, Vasquez-Garcia says the biggest takeaway from his and Nyx's findings ought to be that putting microphones and internet connections into every device in our lives as simple as a smoke detector is a decision that carries real risk. 'If people remember one thing from this, it should be: Don't blindly trust every internet of things device just because it claims to be for safety,' Vasquez-Garcia says. 'The real issue is trust. The more we accept devices that say 'not recording' at face value, the more we normalize surveillance without really knowing what's inside or bothering to question it.'
Tahawul Tech
13 hours ago
- Business
- Tahawul Tech
Nvidia calls claims of secret kill switch ‘implausible'
Nvidia has refuted the idea that its GPUs were built with kill switches or backdoors while simultaneously attempting to dissuade politicians suggesting its chips should include features such as location sharing and remote-control. In a blog, Nvidia chief security officer David Reber argued embedding backdoors and kill switches into its chips 'would be a gift to hackers and hostile actors', undermining global digital infrastructure and fracturing trust in US technology. He noted to mitigate the risk of misuse, some pundits and politicians proposed requiring hardware to have built-in controls which can remotely disable GPUs without user knowledge and consent, adding some suspect these might already exist. Until recently, Reber noted established law required companies to fix any security vulnerabilities and the principle still holds. 'There is no such thing as a 'good' secret backdoor, only dangerous vulnerabilities that need to be eliminated', he said. 'Product security must always be done in the right way: through rigorous internal testing, independent validation and full compliance with global security standards.' Implausible China's government held a meeting with the company last week to outline its concerns about a US push for its advanced chips to include tracking and positioning features. Nvidia said there were suggestions 'find my phone' or 'remote wipe' features on smartphones could be used as models for a GPU kill switch. However, Nvidia's security chief said the comparison 'doesn't hold water, optional software features, controlled by the user, are not hardware backdoors'. 'Hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control and an open invitation for disaster', Reber warned. Source: Mobile World Live Image Credit: Nvidia
CNA
a day ago
- CNA
US federal courts say their systems have been targeted by 'recent escalated cyberattacks'
08 Aug 2025 02:28AM (Updated: 08 Aug 2025 02:51AM) WASHINGTON :The federal judiciary said in a statement Thursday that its IT systems have been targeted by "recent escalated cyberattacks of a sophisticated and persistent nature."
South China Morning Post
a day ago
- Business
- South China Morning Post
Taiwan cyberattacks ‘below average' but widespread, Beijing political advisor says
Taiwan 's collection of cyberhackers may not be sophisticated, but they are 'diligent' when it comes to executing attacks on various mainland Chinese targets, according to one of the country's top cybersecurity experts. Zhou Hongyi, chairman of cybersecurity company Qihoo 360 and a member of the Chinese People's Political Consultative Conference , China's top political advisory body, said in an interview with Hong Kong-based Phoenix TV that aired on Wednesday that Taiwanese hackers operated at a 'below global-average level'. 'They take advantage of the fact that many of our organisations neglect security and fail to apply patches, so even old vulnerabilities can still work for them,' he told the media outlet during an internet security conference in Beijing. 'Their only real advantage is their diligence. They launch attacks on the mainland very frequently and target a wide range of organisations, which is why we've collected the most evidence against them,' Zhou was quoted as saying on the conference's sidelines. Zhou Hongyi, chairman of China's Qihoo 360, speaks to media in Beijing in March: Qihoo 360 was among several Chinese firms added to the US Entity List in 2020. Companies listed on the trade-restriction register have been deemed by Washington as a threat to US national security or foreign policy. Once on the list, the firms cannot receive American goods and technology without a special licence.
