Lily Hay Newman, Author at New ĐÓ°ÉÔ­´´ Science news and science articles from New ĐÓ°ÉÔ­´´ Thu, 22 Mar 2018 14:11:17 +0000 en-US hourly 1 https://wordpress.org/?v=7.0.1 242057827 Hidden motors: cycling’s mechanical doping problem hits new low /article/2085403-hidden-motors-cyclings-mechanical-doping-problem-hits-new-low/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS /article/2085403-hidden-motors-cyclings-mechanical-doping-problem-hits-new-low/#respond Thu, 21 Apr 2016 13:19:40 +0000 /?post_type=article&p=2085403 Belgian cyclo-cross rider Femke Van Den Driessche
A hidden motor was found in the bike of Belgian rider Femke Van Den Driessche
YORICK JANSENS/AFP/Getty Images

Usually when we think of performance enhancing in professional sports we think of . But there are other, more externalised approaches too. Equipment tweaks in things like or can potentially do just as much as doping to affect outcomes.

But a new trend in professional cycling involves some hilariously blatant scamming: riders are installing electric motors on their bikes.

On Sunday, journalists at Italian newspaper Corriere della Sera and French TV network Stade 2 published evidence alleging in Italy last month. The International Cycling Union (UCI) has been using iPads to check bikes for electromagnetic irregularities, but the journalists used thermal cameras to collect additional data.

Speculation about tiny, battery-powered motors in the sport started around 2010. At the time, a spokesperson for the ICU : “Maybe we are facing a general problem. You never know with technology.”

In January, these concerns finally bore out when the “technological fraud”. It discovered that 19-year-old Belgian competitor Femke Van den Driessche had a hidden electric motor on the bike she used in an off-road cyclo-cross competition. “We believe that it was indeed technological doping,” Brian Cookson.

The Corriere della Sera and Stade 2 journalists allege that five riders were using electric motors similar to Van den Driessche’s, and two others had magnetic propulsion systems on their rear wheels. These electromagnetic wheels can add 20 to 60 watts of power on top of someone’s pedalling.

Power boost

Hidden motors can add , though probably in practice. A February article about the technologies : “You can do more miracles with electricity than chemistry.”

Electromagnetic wheel systems are somewhat mysterious and don’t seem to be sold openly, but electric motors are a consumer product marketed for the average rider. Who wouldn’t want an extra boost on the way to work or the grocery store?

So-called “e-bikes” like the cost about $2000 to $3000 and proudly advertise their motors. But conversion kits like the and can be in a similar price range or higher, especially if you are paying for special low-profile options like Vivax’s “Invisible Performance Package”.

Vivax in October that it hadn’t been contacted by the UCI and that its customers were mainly people over 60 who were trying to keep up with riding buddies.

Though electromagnetic wheels are no better, you can at least see how an athlete could justify them as a sort of equipment upgrade. Concealed motors, though, are just flat-out ridiculous. You’re basically doing a biking competition on a motorcycle.

The UCI clearly needs to continue improving its bike-scanning tech. Meanwhile, athletes should stop cheating. Or at the very least have some dignity about keeping the techniques subtle.

This article was first published on

]]>
/article/2085403-hidden-motors-cyclings-mechanical-doping-problem-hits-new-low/feed/ 0 2085403
Should Facebook turn in ISIS supporters? /article/2068023-should-facebook-turn-in-isis-supporters/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS Tue, 08 Dec 2015 14:05:00 +0000 http://dn28637 On Friday the FBI classified the mass shooting in San Bernardino, California, as “an act of terrorism”. Tashfeen Malik and her husband, Syed Rizwan Farook, don’t seem to have been in direct contact with ISIS, but the extremist militant group “supporters” on Saturday. Should Facebook turn in those posting messages supporting ISIS? “At this point we believe they were more self-radicalized and inspired by the group,” one anonymous official . According to officials, Malik had made a bayat, or pledge of allegiance, to ISIS leader Abu Bakr al-Baghdadi in a Facebook post. On Sunday, during an on This Week, Democratic presidential candidate Hillary Clinton said that the US government is “going to need help from Facebook, and from YouTube, and from Twitter. They cannot permit the recruitment and the actual direction of attacks or the celebration of violence by this sophisticated internet user. They’re going to have to help us take down these announcements and these appeals.” In the case of Malik’s post, it seems that’s exactly what happened. Malik posted her ISIS pledge on an account with a different name, and Facebook says it because it violated the site’s community standards by praising and promoting terrorism. Officials that Malik posted her allegiance comment shortly before she and her husband initiated the attack on Inland Regional Center that killed 14 people. And FBI director James Comey said that the couple’s digital presence before the shootings was “nothing of such a significance” that the FBI would have flagged them in advance.

Defining “terrorist”

Nevertheless, the situation with Malik is giving new life to the debate about whether social networks should be legally required to report suspicious posts or activity to law enforcement. A provision of the 2016 Intelligence Authorization Act approved by the US Senate Select Committee on Intelligence at the beginning of July would have required tech companies to report “terrorist activity” to law enforcement. “What they do now is simply terminate the account of the person who is plotting the attack,” Richard Clarke, a former White House counterterrorism official and ABC News consultant, . “It is very unlikely today that a social media company would turn around and call the police.” But critics pointed out that the bill did not offer a definition of “terrorist activity” to guide social networks. And the that Comey was actually only lukewarm about the bill. He called it an “interesting idea” but added that tech companies are “pretty good about telling us what they see”. Indeed, Facebook has that it reserves the right to “refer issues to law enforcement”. Furthermore, Monika Bickert, Facebook’s head of policy management, in a statement: “We share the government’s goal of keeping terrorist content off our site. Our policies on this are crystal clear: we do not permit terrorist groups to use Facebook, and people are not allowed to promote or support these groups on Facebook.” On July 28, Senator Ron Wyden because of the vague definition of terrorist activity in the social media provision. “I haven’t yet heard any law enforcement or intelligence agencies suggest that this provision will actually help catch terrorists, and I take the concerns that have been raised about its breadth and vagueness seriously,” Wyden said in a statement. “Internet companies should not be subject to broad requirements to police the speech of their users.”

Electronic stewards

Furthermore, legally requiring that social networks do this can lead to censorship creep. Or as Emma Llansó, who runs the Free Expression Project at the Center for Democracy & Technology, : “Turning all communications intermediaries, who are today’s stewards of our electronic papers and effects, into informants for the government flies in the face of Fourth Amendment protections.” The debate over social networks and extremists is a bit like the ongoing discussion about giving law enforcement . During his Sunday evening address about terrorism, US president Barack Obama seemed to refer to encryption when he said: “I will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.” As politicians and law enforcement scramble to secure us against terrorist attacks, there is a strong need to know what’s going on. But this must be balanced by an awareness of the fine line between information-gathering, surveillance and censorship. In her interview with Stephanopoulos on Sunday, Clinton said: “I know what the argument is from our friends in the industry. I respect that. Nobody wants to be feeling like their privacy is invaded. But I also know what the argument is on the other side from law enforcement and security professionals.” If Clinton is uniquely positioned to see both sides of the debate, then she should know that compelling social networks to act as dragnets is not the solution, especially if they’re already willing to develop internal standards. This article first appeared on Lily Hay Newman is a Slate staff writer Image credit: Facebook Reporting Guide]]>
2068023
The internet of things needs anti-virus protection /article/1998836-the-internet-of-things-needs-anti-virus-protection/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS Wed, 12 Mar 2014 18:04:00 +0000 http://dn25212
The internet of things needs anti-virus protection

As more and more everyday objects get connected to the internet, there is a pressing need to protect them as we do computers, says Slate‘s Future Tense blogger Lily Hay Newman

As the grows and more devices than ever have network connectivity baked in, you might start to wonder what protects all of these smart home appliances and media streaming dongles against hacks. The answer: pretty much nothing. Companies can release security updates or patches when they learn about vulnerabilities in their devices, but who is going to do a software update on their refrigerator?

The problem is particularly troubling in an industry where there are internet routers in every office and a voice over internet protocol (VoIP) phone on every desk. Even if attackers can’t get into your computer because it’s running anti-virus software, they can still get eyes and ears in your office by hacking a VoIP phone or video console unit. And since those devices are behind office firewalls, they might even be able to infiltrate network servers from there.

In an attempt to implement a large-scale solution for corporate and government application, a group of researchers at Columbia University in New York have started a company, , to sell security defences for embedded devices – that is the little computers in electronics that don’t look recognisably like a laptop, desktop, or server. The group has funding from Columbia and the US Department of Homeland Security, and had funding from the Defense Advanced Research Projects Agency for earlier research. Last week at the security summit , Red Balloon presented a of Avaya-brand VoIP phones and showed how their defence system, known as the Symbiote, can alert a device’s owner to an attack.

Spot the weakness

“Now that we know that these phones can be hacked and used as eyes and ears by the attackers, it’s time we started demanding real security on the phones,” says Ang Cui, Red Balloon’s chief scientist. “These phones, like most other embedded devices I’ve looked at, are about as protected as my laptop back in 2006, without anti-virus.”

In the past, Red Balloon has exploits of multiple . Combined with the Avaya demonstration, they have now exposed vulnerabilities in products that together represent more than half of total worldwide. That’s a lot of vulnerable phones.

Cui, along with Red Balloon’s director Salvatore Stolfo and the rest of their research team, are offering corporations and government agencies a free pilot licence of their package of defence products, . The goal is to install the product on the large quantity of devices these groups already use to offer protection, but also do recon to see if the devices have already been exploited, and by whom. Long term, the idea is for Red Balloon software to come standard on new devices so they are pre-protected for consumers.

The Symbiote

The main component of Red Balloon’s defence, the Symbiote, is a small piece of code that is injected into a “host” device. The product is “operating system agnostic”, meaning it can analyse and protect any device even if it is running a proprietary operating system that Red Balloon couldn’t have accessed and parsed in advance. Once injected, the Symbiote lies in wait, monitoring the system for suspicious activity like modifications in certain parts of the code. If it detects something, the Symbiote alerts the device’s owner and other Symbiotes running on the same network.

The Red Balloon researchers aren’t the only group working on defence solutions for embedded devices, though. At MITRE, a non-profit organisation that runs federally funded research and development centres, researchers are using work in Pittsburgh, Pennsylvania, to develop their own approach to system security. Xeno Kovah, MITRE’s information security engineer, explains that the approach he is working on also lives on a device, but isn’t looking for code modifications.

Instead it assumes that an attacker has full knowledge of the system they are hacking, and allows her to try to conceal her presence on the device. This very attempt at concealment involves sending requests to the device system that create a detectable change in the amount of time it takes for requests to be answered on a device, indicating the presence of the attacker.

Kovah points out that if Red Balloon’s Symbiote is focused on checking whether code is intact, an attacker could manipulate the system to make the Symbiote think that the system still looks the same when it has actually been modified. Additionally, Kovah points out that not all attacks involve modifying code. Instead, some are targeted at redirecting the flow of data through a system in deleterious ways.

In the wild

“The software Symbiote definitely does defeat the type of attackers that are in the wild right now,” Kovah says, but “I don’t have a lot of faith in it long-term”. Kovah worries that if attackers can control and warp measurements of a system, they can make products like the Symbiote send back normal readings even though a device has been compromised.

Cui says that he thinks timing-based attestation is a strong option in some contexts, but is “infeasible for the general case”. And he adds that AESOP, the security software suite, includes a component for evaluating the code that coordinates software and hardware (the firmware) and removing any unnecessary or easily repeatable code that a hacker could infiltrate or hide behind. Most importantly, AESOP is both a pilot of Red Balloon’s products and “a recon mission for us to find real embedded attacks in places we think we’ll find them”. The data from the pilot will inform Red Balloon’s next development steps by giving the group more information about who is currently exploiting embedded device weaknesses and why.

Everyone agrees, though, that embedded devices “have negligible security”, as Kovah says. “At least the Red Balloon approach gives you some ability to detect whether or not there’s manipulation of the device. That’s the kind of capability that’s not widely available.”

This article first appeared in

]]>
1998836