Daily Drop (859): | Google: RUST | CN: Defense Spending | ISS: 3D Printing | CN: TW IO OPs | CN: Vehicle DB | A18 Chip | FTC: Tech Firms | Qualcomm: IBM |
09-07-24
Saturday, Sept 07 2024 // (IG): BB // ScraperDaddy // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
Google Advocates for Replacing C/C++ Firmware with Rust to Enhance Security
Bottom Line Up Front (BLUF): Google is promoting Rust as a safer alternative to C and C++ for firmware development, emphasizing its security benefits, especially for preventing memory safety issues like buffer overflows. Rust offers comparable performance to C/C++ and can interoperate with existing C code without performance overhead. Despite resistance from parts of the tech community, including Linux kernel developers, Google is committed to expanding Rust’s role in projects like Android, Chromium, and embedded systems.
Analyst Comments: Rust's adoption in firmware development addresses critical vulnerabilities tied to memory safety, which have plagued C/C++-based systems. Google's support for Rust mirrors wider industry and government efforts to bolster cybersecurity, notably through initiatives like SBOMs. While Rust offers substantial security advantages, convincing a large pool of veteran C/C++ developers to transition remains a challenge, as evidenced by ongoing debates within the Linux community.
FROM THE MEDIA: Google engineers highlighted Rust’s potential to secure firmware by eliminating common vulnerabilities tied to memory safety, a persistent issue in C/C++ environments. While Rust has a steeper learning curve, its safety features and interoperability with C make it an attractive option for developers concerned with security. Google's push reflects broader industry trends to replace vulnerable codebases, though resistance from long-time C/C++ developers remains a hurdle.
READ THE STORY: The Register
Taiwan Faces Intensified Misinformation Campaigns Amid Cross-Strait Tensions
Bottom Line Up Front (BLUF): China’s increasing use of artificial intelligence (AI) in disinformation campaigns ahead of Taiwan's 2024 election has overwhelmed traditional fact-checking methods. As tensions rise between Taiwan and China, Beijing’s grey zone tactics, including military posturing and influence operations, are aimed at undermining trust in Taiwan’s political system. Taiwan must adapt its countermeasures, particularly regarding generative AI, to safeguard its democracy and counteract China’s growing influence.
Analyst Comments: Beijing’s use of AI to influence Taiwan’s political discourse marks a new chapter in the information warfare between the two nations. China’s coordinated disinformation efforts, particularly on platforms like TikTok and Instagram, underscore the need for Taiwan to strengthen its response mechanisms, which currently lag behind the sophistication of these tactics. Encouraging greater participation in global AI regulatory standards and tightening social media transparency during elections could help Taiwan mitigate the effects of such operations.
FROM THE MEDIA: China has escalated its use of generative AI in disinformation campaigns, targeting Taiwan’s 2024 presidential election. The influx of AI-generated content overwhelmed Taiwan's traditional fact-checking capabilities, leading to widespread misinformation and distrust in electoral systems. Troll groups amplified narratives around war and peace, exacerbating geopolitical tensions. Taiwan is urged to reform its digital platforms, enhance AI governance, and promote its role as a global economic and democratic powerhouse.
READ THE STORY: East Asis Forum
Apple’s New iPhone to Feature Arm’s Next-Gen Chip Technology for AI
Bottom Line Up Front (BLUF): Apple's iPhone 16, set to launch on Monday, will feature the A18 chip using Arm’s V9 architecture, marking a significant push towards integrating advanced AI features like generative AI capabilities. The new chip design is expected to enhance performance and enable Apple’s growing focus on AI-driven features, including smarter Siri and advanced photo editing tools.
Analyst Comments: Apple’s adoption of Arm’s V9 architecture for its A18 chip underscores the company’s strategic shift toward AI, aligning with broader industry trends that demand more powerful processing for on-device AI. The partnership with Arm, which secures revenue through licensing and royalties, positions both companies to benefit from rising demand for AI-integrated devices. Apple’s staggered release of AI features in the upcoming iOS 18.1 suggests a gradual rollout of its AI ambitions, with key features dependent on its latest chip advancements.
FROM THE MEDIA: Apple will unveil its A18 chip using Arm’s V9 design at the iPhone 16 launch, enhancing AI features like generative custom emojis and a smarter Siri. This follows Apple’s earlier use of V9 for its M4 MacBook chips, promising significant performance boosts. The launch is part of Apple’s broader strategy to integrate AI into its product ecosystem, supported by next-gen chip technology.
READ THE STORY: FT
FTC Urged to Stop Tech Firms from Downgrading Devices After Sale
Bottom Line Up Front (BLUF): Digital rights activists are pressuring the U.S. Federal Trade Commission (FTC) to prevent tech companies from downgrading device functionality post-purchase. Complaints highlight cases where apps controlling hardware, like Google/Levi’s smart jacket and Spotify's “Car Thing,” were discontinued, rendering devices unusable. Activists argue this practice, known as "software tethering," unfairly burdens consumers by blocking features, adding surprise subscription fees, and reducing resale value.
Analyst Comments: The growing trend of downgrading consumer tech post-sale undermines consumer rights and creates trust issues between manufacturers and users. It highlights a broader industry shift towards monetizing software through subscriptions, even for hardware purchases, and raises questions about the sustainability of tech ownership models. The FTC's involvement could set new precedents for device functionality, resale rights, and long-term software support.
FROM THE MEDIA: Consumer rights groups are advocating for FTC action against tech firms that reduce or eliminate device features via software updates or add unexpected fees. Notable examples include Google’s smart jacket losing functionality and Spotify’s “Car Thing” being bricked after discontinuation. These practices are seen as eroding consumer confidence and devaluing products. Activists argue that clear regulatory standards are needed to protect consumers from these surprise downgrades.
READ THE STORY: The Register
Russia, Iran, and China ramp up influence campaigns as election day approaches
Bottom Line Up Front (BLUF): U.S. intelligence officials expect an uptick in foreign influence operations from Russia, Iran, and China in the final months before the 2024 elections. While there are no imminent threats to voting infrastructure, influence efforts aim to shape public opinion and sow discord, particularly through disinformation spread via media outlets and influencers. These efforts include both overt and covert tactics to manipulate narratives favorable to foreign agendas.
Analyst Comments: The surge in disinformation targeting U.S. voters, particularly from Russia, is a continuation of tactics seen in previous elections but has evolved to include broader engagement with American media influencers and political commentators. With sanctions imposed on Russian operatives linked to these campaigns, it is evident that foreign governments are increasingly sophisticated in their approaches. While these efforts don't directly compromise election infrastructure, they pose a serious threat to democratic processes by manipulating voter sentiment.
FROM THE MEDIA: Intelligence officials have flagged Russia, Iran, and China for increasing influence operations aimed at shaping the U.S. election narrative. In recent weeks, Russia has been accused of funding conservative media figures to spread pro-Russian propaganda. At the same time, Iranian and Chinese efforts are focusing on divisive domestic issues. Agencies are working closely with campaigns and local election officials to ensure timely responses to these foreign interference campaigns.
READ THE STORY: Cyberscoop
Qualcomm Reportedly Eyeing Intel’s PC Design Business Amid Financial Struggles
Bottom Line Up Front (BLUF): Qualcomm is rumored to be exploring the acquisition of parts of Intel’s PC design business, potentially capitalizing on Intel’s financial difficulties. While Intel has denied any formal approaches, the deal could strengthen Qualcomm’s position in the PC segment, competing against Intel and AMD. This comes as Intel contemplates further cost-cutting measures, including selling units like its Mobileye and Network and Edge Group.
Analyst Comments: Qualcomm’s interest in Intel’s client PC design business highlights a strategic shift as it ventures deeper into the PC market, traditionally dominated by Intel. Intel’s financial woes and ongoing restructuring efforts under CEO Pat Gelsinger could lead to significant asset sales, offering Qualcomm an opportunity to expand its influence in the computing industry. However, Intel’s commitment to its PC business complicates any potential sale.
FROM THE MEDIA: Reports suggest Qualcomm is interested in parts of Intel’s PC design business, with Intel’s financial challenges driving rumors of potential asset sales. Intel, however, claims no formal discussions have occurred. As Intel looks to shed 15% of its workforce and explore strategic divestments, including its Mobileye and FPGA divisions, Qualcomm may be positioning itself to take advantage of Intel’s restructuring to enhance its PC market presence.
READ THE STORY: The Register
Misconfigured Elasticsearch Database Exposes 762K Chinese Car Owners
Bottom Line Up Front (BLUF): A misconfigured Elasticsearch database exposed sensitive personal and vehicle data of 762,000 Chinese car owners, leaving them vulnerable to identity theft, fraud, and physical security risks.
Analyst Comments: This incident underscores the risks of improperly configured databases, especially when sensitive personally identifiable information (PII) is involved. The leaked data could lead to identity theft, financial fraud, and security threats to affected individuals. The exposure highlights the importance of stringent data protection practices and accountability in managing large datasets. Elasticsearch, while powerful, must be properly secured to avoid such leaks.
FROM THE MEDIA: According to Cybernews, the exposed data included full names, contact details, ID numbers, vehicle information, and more, putting individuals at risk for various cyber and physical threats. Researchers emphasized the need for better data handling and security practices in managing large-scale databases.
READ THE STORY: SCMAG
Metal 3D Printing on ISS to Enable On-Demand Tools and Parts for Long-Duration Missions
Bottom Line Up Front (BLUF): The European Space Agency (ESA) successfully demonstrated 3D metal printing aboard the International Space Station (ISS), marking a significant advancement in space manufacturing. This technology allows astronauts to produce essential tools and parts in orbit, reducing dependency on Earth-based resupply. ESA plans further tests and aims to develop sustainable solutions, including recycling space debris for raw materials.
Analyst Comments: ESA's milestone in 3D metal printing in space is a breakthrough in reducing the logistical challenges of long-term space missions. In-situ production capabilities will be crucial for future lunar or Martian bases, where launching supplies from Earth is costly and inefficient. The potential for recycling space debris into useful materials further emphasizes the sustainability angle, aligning with growing concerns over space waste management.
FROM THE MEDIA: ESA’s first 3D-printed metal part in space, produced in August, demonstrates the viability of on-demand manufacturing aboard the ISS. Using metal instead of plastic, which had been done previously, opens up possibilities for creating durable tools and components in orbit. Future improvements aim at recycling space debris for sustainable manufacturing. This achievement is part of ESA's broader strategy to support long-duration space exploration.
READ THE STORY: The Register
Using Transparency & Collaboration to Strengthen Critical Infrastructure Defense
Bottom Line Up Front (BLUF): Protecting critical infrastructure from advanced cyber threats like China’s Volt Typhoon requires transparency, public-private partnerships, and enhanced visibility. Strategies like Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) documents can help organizations detect and mitigate vulnerabilities, while public-private partnerships foster essential information sharing to counter state-sponsored cyber-espionage.
Analyst Comments: The article underscores China's extensive, covert military spending beyond its official $232 billion defense budget, potentially nearing $700 billion when factoring in paramilitary forces, research and development, and dual-use technologies. This shift reflects China's global ambitions and highlights growing security risks for neighboring countries and the U.S., warranting increased global attention and strategic planning.
FROM THE MEDIA: Cyber-espionage groups, such as China's Volt Typhoon, target critical infrastructure using advanced techniques to evade detection. To combat these threats, the industry must prioritize transparency and sharing, utilizing tools like SBOMs to monitor software vulnerabilities. Public-private collaboration allows for timely intelligence sharing and coordinated defense efforts, while real-time observability of IT systems aids in rapid threat detection and response.
READ THE STORY: DarkReading
Harari’s New Book Explores AI's Impact on Truth in the Information Wars
Bottom Line Up Front (BLUF): Yuval Noah Harari, author of Sapiens, returns with a thought-provoking new book addressing how artificial intelligence is transforming the global struggle over information. Harari draws parallels between historical debates on truth, like John Milton’s belief in the triumph of facts, and today’s AI-powered information wars. He warns that AI’s ability to generate convincing falsehoods risks eroding the reliability of truth itself, complicating the marketplace of ideas.
Analyst Comments: Harari's book offers a timely exploration of how AI could exacerbate challenges in distinguishing between fact and fiction. His insights are particularly relevant as generative AI blurs the line between real and fabricated content, raising ethical concerns. Drawing from history, Harari underscores the fragility of truth in an era where disinformation can proliferate swiftly, and suggests that society may need new frameworks for handling AI-driven narratives.
FROM THE MEDIA: In his latest work, Harari warns that AI’s growing ability to fabricate believable falsehoods might escalate the global information wars. Comparing this issue to John Milton’s 1644 defense of free speech, Harari suggests that while ideas should freely compete, the rise of AI-driven disinformation complicates the traditional belief that truth will naturally prevail. As AI develops, he argues, societies must adapt to ensure the integrity of facts in an increasingly muddled digital world.
READ THE STORY: The Economist
America’s Freedom Depends on Confronting China’s New War
Bottom Line Up Front (BLUF): Former Senator David Perdue outlines how the U.S. faces an existential "New War" with China, beyond traditional military conflict. He emphasizes that China’s strategies, deeply rooted in Marxist ideology, target economic dominance and dismantling Western democratic systems. Perdue urges bipartisan unity and decisive action to confront this comprehensive geopolitical challenge.
Analyst Comments: Perdue’s article serves as a stark warning about China’s expanding influence and ambition to replace the U.S.-led global order. The focus on China’s multi-domain approach, including economic, cyber, and ideological warfare, highlights the need for a cohesive U.S. strategy that extends beyond military solutions. The call for action includes economic decoupling, strengthening alliances, and revamping domestic manufacturing.
FROM THE MEDIA: Perdue discusses China’s efforts to dominate global trade, technology, and military advancements, particularly through initiatives like the Belt and Road and Made in China 2025. He underscores China's use of coercive tactics, such as fentanyl smuggling and rare earth control, and calls for stronger U.S. measures, including trade reciprocity and safeguarding critical infrastructure from Chinese influence.
READ THE STORY: The Washington Examiner
Items of interest
Hong Kong Introduces First Specific Cybersecurity Bill to Protect Critical Infrastructure
Bottom Line Up Front (BLUF): In June 2024, Hong Kong's Security Bureau proposed the Protection of Critical Infrastructure (Computer System) Bill, its first dedicated cybersecurity law aimed at safeguarding critical infrastructure (CI). The bill mandates cybersecurity measures for operators of CI essential for maintaining societal and economic activities. The bill does not apply to SMEs or the general public but targets large organizations critical to Hong Kong’s infrastructure. It also introduces a Commissioner’s Office for oversight and enforcement.
Analyst Comments: This bill represents a significant step in Hong Kong's approach to cybersecurity, emphasizing the protection of essential services like utilities and financial systems against cyberattacks. It aligns with global trends where governments are tightening regulations around critical infrastructure in response to increasing cyber threats. By focusing on large operators, Hong Kong aims to mitigate risks to societal stability, though the exclusion of smaller enterprises may create future vulnerabilities.
FROM THE MEDIA: The Protection of Critical Infrastructure (Computer System) Bill targets large organizations responsible for essential services, requiring them to implement cybersecurity measures to prevent disruptions. A new Commissioner’s Office will oversee its enforcement, signaling Hong Kong’s commitment to cybersecurity as a priority. The bill reflects a growing global awareness of the risks cyberattacks pose to critical infrastructure, especially in sectors like energy, finance, and healthcare.
READ THE STORY: Data Breaches
Hacking the Great Firewall (Video)
FROM THE MEDIA: What happens when an American computer science student studies abroad in China and decides to find out what the Chinese government is censoring? Learn about how he did it, and what he discovered on this episode of The Security Engineering Show.
Hong Kong Police Force (Video)
FROM THE MEDIA: Hong Kong emerged from riot-plagued times after the National Security Law came into effect. While the number of violent crimes dropped, the Hong Kong Police Force remains committed to stymieing all acts or threats of terrorism and bringing together citizens to fight crime, as well as ending terrorism, violence and deception—a duty of all.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.