Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says
This week, Apple made an announcement as surprising as it was controversial. The company will begin scanning both iCloud and user devices for child sex abuse materials. It’s using clever cryptography to do so, and it won’t actually be able to view the images on a user’s iPhone, iPad, or Mac unless it detects multiple instances of CSAM. But some cryptographers sounded the alarm over how the technology could be used in the future, especially by authoritarian governments.
This week also marked the kickoff of the Black Hat security conference, which means hacks aplenty. A Google researcher found eavesdropping vulnerabilities in several major messaging apps; they’ve all been patched by now, but it speaks to what appears to be an endemic problem with certain kinds of video calls. Pneumatic tubes found in lots of US hospital systems are vulnerable to attack, which could cause chaos and delays, though not necessarily in that order. A fix went out this week, but as with a lot of IoT updates it’s going to be a mixed bag as to who actually installs them and when. And we spoke with one hacker who says he figured out how to control the lights, fans, and convertible beds in a capsule hotel in Japan—and used that knowledge to torment a noisy neighboring guest.
We took a look at how regulators in France have managed to move the needle on Google and privacy. We whipped up a primer on RCS, the texting standard that’s going to make your life a lot easier as soon as all the players get on board. And we tried Citizen’s controversial new app that charges $20 a month for a personal security service.
And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
You’ve never had more choices for a privacy-focused browser, especially given all the anti-tracking features Apple’s Safari has packed in recently. But for a secure browser, it’ll be hard to beat what Microsoft has done with the new Super Duper Secure Mode in Edge. The primary adjustment is that it disables “Just-in-Time” compilation, known as JIT, in Edge’s V8 JavaScript engine. JIT helps keep things moving quickly, but it is also at the heart of an alarming percentage of browser-related vulnerabilities. With JIT switched off, Microsoft can also implement security features that wouldn’t play nice with it. It’s not clear yet if the company is going to make Super Duper Secure Mode an official feature, but you can try it out if you’re on a beta or dev build of Edge.
Hopefully you’ve never had your Facebook account hacked—or been in a position where you needed to talk to a human person at Facebook for any reason whatsoever. It’s basically impossible. But some frustrated victims have resorted to an extreme workaround to regain access to their News Feeds: buying a $300 Oculus Quest 2, and going through that company’s customer support system. Facebook owns Oculus, and the hardware requires a Facebook account to use, so the workaround has worked, at least for some people. But the main lesson here, of course, is that it shouldn’t be anywhere near that hard in the first place to get a little help when things go wrong on your account.
Motherboard reports this week that scammers have made a big business out of getting accounts banned on Instagram, using tricks like filing false impersonation claims or fraudulently reporting them for violating the platform’s self-harm policies. Getting someone banned can cost as little as $60. It doesn’t sound like there’s any great plan in place to stop this kind of mayhem, but Instagram has said it is “investigating” the sites that peddle it.
The Cybersecurity and Infrastructure Security Agency this week announced the Joint Cyber Defense Collaborative, a team-up between CISA and tech companies like Microsoft, Amazon, and Google. The goal is to increase information sharing between the government and the private sector to help both stymie and better respond to ransomware attacks. For sure, every little bit helps, but ransomware will likely continue to be a serious problem until and unless Vladimir Putin starts cracking down on groups in Russia. Which seems … unlikely.