Reg reader ditches Samsung smart TV after seeing huge UI ads everywhere

A Register reader triggered a kerfuffle for Samsung after asking the electronics biz if he could disable large and intrusive adverts splattered across his new smart TV’s programme guide.

Ross McKillop bought the telly from UK retailer John Lewis but felt distinctly undersold when he turned it on to find the internet-connected device displaying advertising on its electronic programme guide menu.

Ross McKillop’s Samsung TV displaying smart ads taking up half the screen space

“If you press the menu button to change between like TV or Netflix or, or whatever, even different sources, there’s an advert panel,” lamented McKillop to The Reg. “It seems that people accept this.”

Irritated by the giant advert for Samsung’s own wares, McKillop took to Twitter to ask the obvious question. The answer was surprisingly blunt.

“The more annoying [advert],” McKillop told us, “is the one that appears on the application menu, on every menu [level].”

Such a problem is, sadly, not new, as we reported about a year ago when other Samsung TV customers began wondering where the giant adverts splattered all over their TVs’ user interfaces had come from.

“I expect Netflix to promote Netflix’s products or Netflix programming on a service I pay for because it’s a service,” stormed McKillop, adding that he didn’t expect to have his TV’s manufacturer insert unavoidable advertising into his new box.

Smart readers (like our man Ross) know that you can kill ads at home with innovations such as the Pi-Hole home network-level adblocker.

Our reader also pointed out that the adverts on his new internet-connected telly were not visible in Samsung’s marketing videos about the product.

We asked Samsung if it wished to comment. The manufacturer failed to respond. McKillop has since returned his TV to retailer John Lewis.

Samsung has been relatively open about what its smart TVs do. A quick look at the “Samsung privacy policy – smart TV supplement” on its UK website reveals that the company hoovers up information about “your TV viewing history” including “information about the networks, channels, websites visited, and programs viewed on your Samsung Smart TV and the amount of time spent viewing them”.

This kind of subtle-but-invasive monitoring was the subject of a warning by an American university professor in 2019 who described it as “a cesspit of surveillance”.

The devices can pose a security risk unless they’re treated like any other internet-connectable device, as the Korean giant itself reminded tellywatchers a couple of years ago (well, they deleted that Twitter missive but El Reg doesn’t forget).

All in all, if you’re buying a Samsung TV, just remember that you’re not only paying for a big panel so you can watch reruns of Friends; you’re also paying to be part of Samsung’s global TV advertising network.

Source: Reg reader ditches Samsung smart TV after seeing huge UI ads • The Register

Kleiman v. Wright: $65 Billion Bitcoin Case Has Started

The civil trial of Ira Kleiman vs. Craig Wright started on Monday in Miami. The estate of David Kleiman is suing Craig Wright, the self-declared inventor of bitcoin, for 50% ownership of 1.1 million bitcoins. The estate claims Kleiman was in a partnership with Wright to mine the coins, but after Kleiman died in April 2013, Wright denied any partnership. At over $60,000 per bitcoin, this case is currently worth $65 billion.

Craig Wright has previously claimed he is the inventor of Bitcoin, Satoshi Nakamoto, which has been met with skepticism based on his inability to show any proof. In this case, Wright has made numerous dubious claims. After the case was filed in 2018, Wright claimed he did not have the keys to the coins but that they would be arriving in January 2020 through a “bonded courier.” After January 2020, Wright provided keys to the estate for verification, but the estate claims the bitcoins were fake. Expressing skepticism that the courier even existed, the estate asked for more information about the courier. Wright then claimed the identity of the courier and all communications were protected under attorney-client privilege as the courier was an attorney.

Source: Kleiman v. Wright: $65 Billion Bitcoin Case Has Started – Slashdot

Code compiled to WASM may lack standard security defenses

[…]

In a paper titled, The Security Risk of Lacking Compiler Protection in WebAssembly, distributed via ArXiv, the technical trio say that when a C program is compiled to WASM, it may lack anti-exploit defenses that the programmer takes for granted on native architectures.

The reason for this, they explain, is that security protections available in compilers like Clang for x86 builds don’t show up when WASM output is produced.

“We compiled 4,469 C programs with known buffer overflow vulnerabilities to x86 code and to WebAssembly, and observed the outcome of the execution of the generated code to differ for 1,088 programs,” the paper states.

“Through manual inspection, we identified that the root cause for these is the lack of security measures such as stack canaries in the generated WebAssembly: while x86 code crashes upon a stack-based buffer overflow, the corresponding WebAssembly continues to be executed.”

[…]

For those not in the know, a stack is a structure in memory used by programs to store temporary variables and information controlling the operation of the application. A stack canary is a special value stored in the stack. When someone attempts to exploit, say, a buffer overflow vulnerability in an application, and overwrite data on the stack to hijack the program’s execution, they should end up overwriting the canary. Doing so will be detected by the program, allowing it to trap and end the exploitation attempt.

Without these canaries, an exploited WASM program could continue running, albeit at the bidding of whoever attacked it, whereas its x86 counterpart exits for its own protection, and that’s a potential security problem. Stack canaries aren’t a panacea, and they can be bypassed, though not having them at all makes exploitation a lot easier.
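To make the canary mechanism concrete, here is an added example (not code from the article or the paper) that models a stack frame as a C struct and runs the same unchecked copy with and without a canary check in the epilogue. The struct layout, constant values and function names are constructed for illustration; real canaries are random and inserted by the compiler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: locals, then canary, then control data. */
struct frame {
    unsigned char buf[16];   /* local buffer the program copies input into */
    uint32_t canary;         /* guard value between locals and control data */
    uint32_t saved_return;   /* stands in for the saved return address */
};

#define CANARY_VALUE 0x5AFEC0DEu  /* constructed; real canaries are random */
#define GOOD_RETURN  0x00001000u  /* constructed "legitimate" return target */

enum outcome { RAN_INTACT, RAN_CORRUPTED, TRAPPED };

/* Copies len input bytes into buf with no check against sizeof buf (the bug).
 * The copy is clamped to the model frame so the demo itself stays defined. */
static enum outcome run(size_t len, int check_canary)
{
    struct frame f = { {0}, CANARY_VALUE, GOOD_RETURN };
    unsigned char input[sizeof f];
    unsigned char *base = (unsigned char *)&f;

    memset(input, 'A', sizeof input);   /* constructed untrusted input */
    if (len > sizeof f)
        len = sizeof f;
    memcpy(base + offsetof(struct frame, buf), input, len);

    /* Epilogue: a canary-protected build verifies the guard before returning. */
    if (check_canary && f.canary != CANARY_VALUE)
        return TRAPPED;                 /* protected native build aborts here */

    /* No canary: execution continues, possibly with corrupted control data. */
    return f.saved_return == GOOD_RETURN ? RAN_INTACT : RAN_CORRUPTED;
}

int main(void)
{
    printf("8 bytes,  canary on : %d\n", run(8, 1));
    printf("24 bytes, canary on : %d\n", run(sizeof(struct frame), 1));
    printf("24 bytes, canary off: %d\n", run(sizeof(struct frame), 0));
    return 0;
}
```

The third case is the behaviour the researchers describe for canary-less output: the overflow goes unnoticed and the program keeps running on corrupted state.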

And these issues are not necessarily a deal-breaker: WASM bytecode still exists in a sandbox, and has further defenses against control-flow hijacking techniques such as return-oriented programming.

But as the researchers observe, WASM’s documentation insists that stack-smashing protection isn’t necessary for WASM code. The three boffins say their findings indicate security assumptions for x86 binaries should be questioned for WASM builds and should encourage others to explore the consequences of this divergent behavior, as it applies both to stack-based buffer overflows and other common security weaknesses.

[…]

Source: Code compiled to WASM may lack standard security defenses • The Register

Likely Drone Attack On U.S. Power Grid Revealed In New Intelligence Report

U.S. officials believe that a DJI Mavic 2, a small quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords was likely at the center of an attempted attack on a power substation in Pennsylvania last year. An internal U.S. government report that was issued last month says that this is the first time such an incident has been officially assessed as a possible drone attack on energy infrastructure in the United States, but that this is likely to become more commonplace as time goes on. This is a reality The War Zone has sounded the alarm about in the past, including when we were first to report on a still unexplained series of drone flights near the Palo Verde nuclear powerplant in Arizona in 2019.

[…]

“This is the first known instance of a modified UAS [unmanned aerial system] likely being used in the United States to specifically target energy infrastructure,” the JIB states. “We assess that a UAS recovered near an electrical substation was likely intended to disrupt operations by creating a short circuit to cause damage to transformers or distribution lines, based on the design and recovery location.”

ABC and other outlets have reported that the JIB says that this assessment is based in part on other unspecified incidents involving drones dating back to 2017.

[…]

Beyond the copper wire strung up underneath it, the drone reportedly had its camera and internal memory card removed. Efforts were taken to remove any identifying markings, indicating efforts by the operator or operators to conceal their identities and otherwise make it difficult to trace the drone’s origins.

[…]

Source: Likely Drone Attack On U.S. Power Grid Revealed In New Intelligence Report

US bans trade with security firm NSO Group over Pegasus spyware

Surveillance software developer NSO Group may have a very tough road ahead. The US Commerce Department has added NSO to its Entity List, effectively banning trade with the firm. The move bars American companies from doing business with NSO unless they receive explicit permission. That’s unlikely, too, when the rule doesn’t allow license exceptions for exports and the US will default to rejecting reviews.

NSO and fellow Israeli company Candiru (also on the Entity List) face accusations of enabling hostile spying by authoritarian governments. They’ve allegedly supplied spyware like NSO’s Pegasus to “authoritarian governments” that used the tools to track activists, journalists and other critics in a bid to crush political dissent. This is part of the Biden-Harris administration’s push to make human rights “the center” of American foreign policy, the Commerce Department said.

The latest round of trade bans also affects Russian company Positive Technologies and Singapore’s Computer Security Initiative Consultancy, both of which were accused of peddling hacking tools.

[…]

Source: US bans trade with security firm NSO Group over Pegasus spyware (updated) | Engadget