Daily Archives: July 12, 2022

You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store

Posted on by

We have done many, many posts explaining how, unfortunately, it seems the idea of a person owning the things they’ve bought has become rather passe. While in the age of antiquity, which existed entire tens of years ago, you used to be able to own things, these days you merely license them under Ts and Cs that are either largely ignored and clicked through or that are indecipherable, written in the otherwise lost language known as “Lawyer-ese”. The end result is a public that buys things, thinks they retain ownership over them, only to find out that the provider of the things alters them, limits their use, or simply erases them from being.

Take anyone who bought a movie distributed by StudioCanal in Germany and Austria through Sony’s Playstation store, for instance. Sony previously had a deal to make those movie titles available in its store, but declined to continue offering movies and shows in 2021, stating that streaming services had made the deal un-competitive.

Sony’s PlayStation group stopped offering movie and TV show purchases and rentals, as of Aug. 31, 2021, citing the rise of streaming-video services. At the time, Sony assured customers that they “can still access movie and TV content they have purchased through PlayStation Store for on-demand playback on their PS4, PS5 and mobile devices.

And when Sony said that, it apparently forgot to add two very important words to its statement: “for now.” Instead, Sony decided to drop the bomb with yet another statement regarding StudioCanal content in Germany and Austria. It essentially amounts to: hey fuckers, that shit you bought is about to disappear, mmkay bye.

“As of August 31, 2022, due to our evolving licensing agreements with content providers, you will no longer be able to view your previously purchased Studio Canal content and it will be removed from your video library,” the notices read. “We greatly appreciate your continued support.”

Poof, it’s gone! That remark about appreciating the public’s “continued support” seems more like begging than acknowledging reality. Especially once you start asking the questions that immediately leap to mind.

For example: will customers get a refund for the movies that they bought and now can’t access? As per the source article “it’s unclear”, which likely means “hahahahaha nope.” How many movies were delisted? Literally hundreds. Are these just small-time movies? Nope, they include AAA titles like The Hunger Games and John Wick.

And so a whole bunch of people are going to find out that they didn’t buy anything, they rented some movies for a previously indefinite period of time that just became definite, long after the purchase was made. It’s hard to imagine something more anti-consumer than that.

Source: You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store | Techdirt

Leaked Uber files reveal extensive use of ‘kill switch’, Lobbying partners including Macron, tax haven use, etc

Posted on by

A data leak from ride-sharing app Uber revealed activities allegedly geared to avoid regulation and law enforcement – including a “kill switch” that would remotely cut computer access to servers at its headquarters in San Francisco in case of a raid – according to weekend media.

The leak was provided to The Guardian and shared with the nonprofit International Consortium of Investigative Journalists (ICIJ) which helped work though the 124,000 records, which include 83,000 emails, iMessages and WhatsApp exchanges.

The records detail internal conversations within Uber, plus interactions between Uber executives and government officials. The trove contains documents detailing interactions with 30 countries and cover the period 2013 to 2017, when Uber was on the rise and confronting pushback from both regulators and the taxi industry.

The 18.7GB cache reveals that the kill switch used to block authorities from probing Uber’s IT systems – which was already known to a lesser extent – was actually deployed at least 12 times in France, the Netherlands, Belgium, India, Hungary and Romania.

The first instances known of the kill switch being used were in late 2014 in France during two separate raids. A November raid took only 13 minutes between email instructing the action to an IT engineer in Denmark and access being cut.

Emails show the kill switch was used at the command of top-level executives, including none other than former CEO Travis Kalanick, as well as legal staff. Both execs and legal staff were often copied in to emails instructing access cuts.

The kill switch, known internally as Ripley, was used in conjunction with a remote-control program called Casper that cut network access after devices were confiscated by authorities. Because Uber was fond of these justice-obstructing programs and their code names, there was also of course Greyball, revealed in 2017, which blocked cops from booking cabs, lest they were interested in busting unregulated drivers.

Uber learned to predict and prepare for raids, and even issued a manual to employees containing 66 bullet points on how to respond. Titled “Dawn Raid Manual”, it instructed employees to stall by escorting regulators to meeting rooms without files and never to leave them alone.

Employees were also advised to “play dumb” as systems severed their connections to the company’s main IT systems whenever police searched their equipment, as documented in a text exchange between former EMEA head of public policy Mark McGann and current global head of sustainability Thibaud Simphal.

The trove of files goes beyond the technical systems in place to stymie investigations. It also details lobbying efforts, close relationships between execs and public officials including France’s then-economy minister Emmanuel Macron, use of Bermuda as a tax haven, public relations efforts to use violence against its drivers to garner public sympathy, and more.

[…]

Source: Leaked Uber files reveal extensive use of ‘kill switch’ • The Register

Rolling pwn hack opens Honda cars by listening to keyfob 100 feet away

Posted on by

Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner’s key fob. Dubbed “Rolling Pwn,” the attack allows any individual to “eavesdrop” on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future without owner’s knowledge.

Despite Honda’s dispute that the technology in its key fobs “would not allow the vulnerability,” The Drive has independently confirmed the validity of the attack with its own demonstration.

Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob sends a unique code wirelessly to the vehicle encapsulated within the message. The vehicle then checks the code sent to it against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle.

The database contains several allowed codes, as a key fob may not be in range of a vehicle when a button is pressed and may transmit a different code than what the vehicle is expecting to be next chronologically. This series of codes is also known as a “window,” When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks.

This attack works by eavesdropping on a paired keyfob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.

A similar vulnerability was discovered late last year and added to the Common Vulnerabilities and Exposures database (CVE-2021-46145), and again this year for other Honda-branded vehicles (CVE-2022-27254). However, Honda has yet to address the issue publicly, or with any of the security researchers who have reported it. In fact, when the security researchers responsible for the latest vulnerability reached out to Honda to disclose the bug, they said they were instead told to call customer service rather than submit a bug report through an official channel.

[…]

Source: I Tried the Honda Key Fob Hack on My Own Car. It Totally Worked

First Laser Weapon For A Fighter Delivered To The Air Force

Posted on by

[…] A report today from Breaking Defense confirmed that Lockheed Martin delivered its LANCE high-energy laser weapon to the Air Force in February this year. In this context, LANCE stands for “Laser Advancements for Next-generation Compact Environments.” The recipient for the new weapon is the Air Force Research Laboratory, or AFRL, which is charged with developing and integrating new technologies in the air, space, and cyberspace realms.

Tyler Griffin, a Lockheed executive, had previously told reporters that LANCE “is the smallest, lightest, high-energy laser of its power class that Lockheed Martin has built to date.”

Indeed, Griffin added that LANCE is “one-sixth the size” of a previous directed-energy weapon that Lockheed produced for the Army. That earlier laser was part of the Robust Electric Laser Initiative program and had an output in the 60-kilowatt class. We don’t yet know what kind of power LANCE can produce although there have been suggestions it will likely be below 100 kilowatts.

For LANCE, Lockheed has been drawing from its previous experience in ground-based lasers, like this concept for a Future Mobile Tactical Vehicle armed with a directed-energy weapon. Lockheed Martin

As well as being notably small and light, LANCE has reduced power requirements compared to other previous weapons, a key consideration for a fighter-based laser, especially one that can be mounted within the confines of a pod.

If successful in its defensive mission, it’s feasible that LANCE could go on to inform the development of more offensive-oriented laser weapons, including ones that could engage enemy aircraft and drones at longer ranges than would be the case when targeting a fast-approaching anti-aircraft missile, whether launched from the ground or from an enemy aircraft.

LANCE has been developed under a November 2017 contract that’s part of the Air Force’s wider Self-protect High Energy Laser Demonstrator, or SHiELD, program, something that we have written about in the past.

SHiELD is a collaborative effort that brings together Lockheed Martin, Boeing, and Northrop Grumman. While Lockheed Martin provides the actual laser weapon, in the form of LANCE, Boeing produces the pod that carries it, and Northrop Grumman is responsible for the beam control system that puts the laser onto its target — and then keeps it there.

An engineer looks at a directed-energy system turret in the four-foot transonic wind tunnel at Arnold Air Force Base, Tennessee, in March 2021. U.S. Air Force/Jill Pickett

Kent Wood, acting director of AFRL’s directed energy directorate, told Breaking Defense that the various SHiELD subsystems “represent the most compact and capable laser weapon technologies delivered to date.”

Wood’s statement also indicated that actual test work by AFRL is still at an early stage, referring to “mission utility analyses and wargaming studies” that are being undertaken currently. “Specific targets for future tests and demonstrations will be determined by the results of these studies as well,” he said.

Meanwhile, Lockheed’s Tyler Griffin added that the next stage in the program would see LANCE integrated with a thermal system to manage heating and cooling.

At his stage, we don’t know exactly what aircraft LANCE is intended to equip, once it progresses to flight tests and, hopefully, airborne firing trials. However, Griffin said that “a variety of potential applications and platforms are being considered for potential demonstrations and tests.”

Previous Lockheed Martin concept art has shown the pod carried by an F-16 fighter jet. And, while SHiELD is initially concerned with proving the potential for active defense of fighter jets in high-risk environments, officials have also talked of the possibility of adapting the same technology for larger, slower-moving combat and combat support aircraft, too.

Boeing flew a pre-prototype pod shape — without its internal subsystems — aboard an Air Force F-15 fighter in 2019. During ground tests, meanwhile, a representative laser, known as the Demonstrator Laser Weapon System (DLWS), has already successfully shot down multiple air-launched missiles over White Sands Missile Range in New Mexico, also in 2019.

A decision on the initial test platform for the complete SHiELD system will likely follow once a flight demonstration has been funded, which is currently not the case. Similarly, there is not yet a formal transition plan for how LANCE and SHiELD could evolve into an actual program of record.

[…]

Source: First Laser Weapon For A Fighter Delivered To The Air Force