The Courts

What Happened After Massachusetts Voters Approved a Right-to-Repair Law? (msn.com) 48

U.S. right-to-repair advocates hoped a district judge would finally rule Friday on Massachusetts' voter-approved right-to-repair referendum. But they were disappointed again, reports the Boston Globe, since instead the judge said he'd first have to consider a recent ruling by America's Supreme Court limiting the regulatory powers of the U.S. government's Environmental Protection Agency: The Massachusetts law was approved by 75 percent of voters in a 2020 referendum. But its implementation has been held up by court challenges ever since. It would require all automakers selling new cars in Massachusetts to provide buyers with access to "telematic" data -- diagnostic information -- via a wireless connection. That way, car owners could get their cars repaired at any independent repair shop, instead of being forced to have the work done at manufacturer-approved dealerships.

But the Alliance for Automotive Innovation, an association of the world's top carmakers, sued to overturn the law, arguing that only the federal government, not states, may enact such a rule. In addition, carmakers said that they could not redesign the digital systems of their cars in time to comply with the law's 2022 model-year deadline.

The lawsuit went to trial last summer, but the court's judgment has been repeatedly delayed. In the meantime, at least two auto manufacturers, Subaru and Kia, began selling cars in Massachusetts with their telematic features switched off, to avoid violating the law.

The state's attorney general has now granted a two-week "grace period" during which the law won't be enforced, according to the article, while the district judge "said that he expected to rule before the end of a two-week grace period."
The 2000 Beanies

Steve Jobs Awarded Posthumous Medal of Freedom By President Biden (theverge.com) 143

Steve Jobs, the co-founder and former CEO of Apple, has been awarded a posthumous Presidential Medal of Freedom by President Joe Biden, the White House announced Friday. The Verge reports: The Presidential Medal of Freedom is the highest US honor that can be given to a civilian, and it's presented to "individuals who have made exemplary contributions to the prosperity, values, or security of the United States, world peace, or other significant societal, public or private endeavors," the White House said in a statement. Jobs founded Apple in April 1976, and it's since become one of the biggest companies in the world. He helped launch many tech products that have gone on to become cultural touchstones, including the Mac, the iPod, and the iPhone. He died on October 5th, 2011.

In its statement, the White House praised Jobs's creative approach to his various endeavors. "Steve Jobs was the co-founder, chief executive, and chair of Apple, Inc., CEO of Pixar and held a leading role at the Walt Disney Company," the White House wrote. "His vision, imagination and creativity led to inventions that have, and continue to, change the way the world communicates, as well as transforming the computer, music, film and wireless industries." The award will be presented on July 7th.
The full list of this year's Presidential Medal of Freedom recipients can be viewed here.
Communications

SpaceX Asserts 5G Would 'Blow Out' Satellite Users In 12 GHz Band (fiercewireless.com) 53

Monica Alleven writes via Fierce Wireless: So much for the "win-win-win" scenario that Dish Network envisioned for the 12 GHz band. Dish and fellow MVDDS licensee RS Access have argued that the 12 GHz band can be used by both satellite players like SpaceX's Starlink and by companies like Dish that want to use it for 5G, all for the public's benefit. SpaceX on Tuesday submitted its own analysis (PDF) of the effect of terrestrial mobile deployment on non-geostationary orbit fixed satellite service (NGSO FSS) downlink operations. The upshot: The SpaceX study shows terrestrial mobile service would cause harmful interference to SpaceX's Starlink terminals in the 12.2-12.7 GHz band more than 77% of the time, resulting in full outages 74% of the time.

Although entities like RS Access note that SpaceX has access to plenty of other spectrum to accomplish its broadband mission, SpaceX insists that the 12 GHz band has become one of the most important and intensely used spectrum bands for Americans who depend on satellite services. In fact, SpaceX said it depends on the 12 GHz band for the workhorse frequencies in critical downlink services to serve Americans "in every corner of the nation." [...] SpaceX would like the FCC to drop the 12 GHz proceeding, but Dish and RS Access have been urging the FCC for years to change the rules so that their MVDDS licenses can be used for two-way 5G services.
In response to SpaceX's submission, the 5G for 12 GHz Coalition issued the following statement: "We understand that SpaceX has -- after 18 months and both a robust comment and reply period -- just filed its own in-house technical submission to the 12 GHz proceeding. Our engineers and technical experts are reviewing the filing in depth and remain committed to working in good faith with the FCC and stakeholders to ensure that the American public is able to reap the immense benefits of 5G services in this band."
Communications

FAA: Airlines Must Retrofit Faulty Altimeters 'As Soon As Possible' (arstechnica.com) 127

An anonymous reader quotes a report from Ars Technica: The Federal Aviation Administration says it finally has a plan for the industry to replace or retrofit airplane altimeters that can't filter out transmissions from outside their allotted frequencies. The altimeter problem has prevented AT&T and Verizon from fully deploying 5G on the C-Band spectrum licenses the wireless carriers purchased for a combined $69 billion. The FAA was urging airlines to retrofit or replace altimeters in recent months and now says it has finalized a plan. An FAA statement on Friday said that "airlines and other operators of aircraft equipped with the affected radio altimeters must install filters or other enhancements as soon as possible."

AT&T and Verizon said they will be able to accelerate 5G deployments near airports in the coming months, but the carriers agreed to continue some level of "voluntary mitigations" in the airport areas until July 2023. Altimeters are used by airplanes to measure altitude. The FAA said a new "phased approach requires operators of regional aircraft with radio altimeters most susceptible to interference to retrofit them with radio frequency filters by the end of 2022. This work has already begun and will continue on an expedited basis."

Additionally, "filters and replacement units for the mainline commercial fleet should be available on a schedule that would permit the work to be largely completed by July 2023," the FAA said, continuing: "The radio-altimeter manufacturers have worked at an unprecedented pace with Embraer, Boeing, Airbus and Mitsubishi Heavy Industries to develop and test filters and installation kits for these aircraft. Customers are receiving the first kits now. In most cases, the kits can be installed in a few hours at airline maintenance facilities. Throughout this process, the FAA will work with both industries to track the pace of the radio altimeter retrofits while also working with the wireless companies to relax mitigations around key airports in carefully considered phases."

Verizon

Verizon, AT&T Agree to Delay Some 5G Rollouts Near Airports (apnews.com) 21

The Associated Press reports: Federal regulators say Verizon and AT&T will delay part of their 5G rollout near airports to give airlines more time to ensure that equipment on their planes is safe from interference from the wireless signals, but the airline industry is not happy about the deal. An airline industry trade group said federal regulators are taking a "rushed approach" to changing equipment on planes under pressure from the telecommunications companies.

The Federal Aviation Administration said Friday that the wireless companies agreed to delay some of their use of the C-Band section of the radio spectrum until July 2023. "We believe we have identified a path that will continue to enable aviation and 5G C-band wireless to safely co-exist," said the FAA's acting administrator, Billy Nolen. However, aviation groups say the C-Band service could interfere with radio altimeters — devices used to measure a plane's height above the ground....

Nolen said planes most susceptible to interference — smaller, so-called regional airline planes — must be retrofitted with filters or new altimeters by the end of this year. Components to retrofit larger planes used by major airlines should be available by July 2023, when the wireless companies expect to run 5G networks in urban areas "with minimal restrictions," he said. Airlines for America, a trade group for the largest U.S. carriers, said the FAA hasn't approved necessary upgrades and manufacturers have not yet produced the parts. "It is not at all clear that carriers can meet what appears to be an arbitrary deadline," trade group CEO Nicholas Calio said in a letter to Nolen....

Verizon said the agreement will let the company lift voluntary limits on its 5G rollout around airports "in a staged approach over the coming months." AT&T said it agreed to take "a more tailored approach" to controlling the strength of signals near runways so airlines have more time to retrofit equipment.

Security

Cisco Says It Won't Fix Zero-Day RCE In End-of-Life VPN Routers (bleepingcomputer.com) 52

An anonymous reader quotes a report from BleepingComputer: Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices. An attacker could exploit it by sending a specially crafted request to the web-based management interface, resulting in command execution with root-level privileges.

The vulnerability impacts four Small Business RV Series models, namely the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router. This vulnerability only affects devices with the web-based remote management interface enabled on WAN connections. [...] Cisco states that they will not be releasing a security update to address CVE-2022-20825 as the devices are no longer supported. Furthermore, there are no mitigations available other than to turn off remote management on the WAN interface, which should be done regardless for better overall security. Users are advised to apply the configuration changes until they migrate to Cisco Small Business RV132W, RV160, or RV160W Routers, which the vendor actively supports.

Printer

Canon Wireless Printers Are Getting Stuck In Reboot Loops (theverge.com) 85

Over the last day or two, there have been a growing number of reports by people who own certain Canon Pixma printers that the devices either won't turn on at all or, once turned on, get stuck in a reboot loop, cycling on and off as long as they're plugged in. The Verge reports: Verge reader Jamie pointed us to posts on Reddit about the problem and Canon's own support forum, citing problems with models including the MX490, MX492, MB2010, and MG7520. Some believe their problem is due to a software update Canon pushed to the printers, but that hasn't been confirmed yet. In response to an inquiry from The Verge, corporate communications senior director and general manager Christine Sedlacek said, "We are currently investigating this issue and hope to bring resolution shortly as customer satisfaction is our highest priority."

Until there is an official update or fix, some people in the forums have found that disconnecting the printers from the internet is enough to keep them from rebooting, with control still possible via USB. To get the printers to work while maintaining your connection to the internet and their connection to local network devices, one reply from a customer on Canon's support forum suggests a method that many people report has worked for them.

Medicine

Smart Pacemaker Simply Dissolves Inside the Body When It's No Longer Needed (gizmodo.com) 14

An anonymous reader writes: A team of scientists created a novel type of temporary pacemaker -- one that dissolves on its own, without requiring any removal. In their latest research, they've paired the pacemaker with a series of wireless sensors on the skin, which should allow it to smartly monitor a patient's vital signs and adjust its pacing autonomously. Should the device continue to show promise, it could one day be used in patients undergoing cardiac surgery or who otherwise only need a pacemaker for a short while.

Last year, researchers at Northwestern University and George Washington University debuted the first version of the pacemaker. [...] In their new study, published Thursday in Science, the group has added more features to their pacemaker. According to author Igor Efimov, a professor of biomedical engineering and professor of medicine at Northwestern University, the pacemaker now comes with a "fully integrated network of wearable devices" attached to a patient's skin, four in total.

These devices not only monitor a person's heartbeat and other vital signs like body temperature -- they also wirelessly power the pacemaker and control its pacing automatically as needed. Doctors can remotely monitor the data collected by the device via a computer network. And in experiments with living rodents and dogs, as well as human hearts in the lab, the pacemaker and its closed loop system seemed to work as intended.

Wireless Networking

New Bluetooth Hack Can Unlock All Kinds of Devices (arstechnica.com) 123

An anonymous reader quotes a report from Ars Technica: When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other. Move close to the car with the phone in hand, and the door automatically unlocks. Move away, and it locks. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range. Now, a researcher has devised a hack that allows him to unlock millions of Teslas -- and countless other devices -- even when the authenticating phone or key fob is hundreds of yards or miles away. The hack, which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers, can be used to unlock doors, open and operate vehicles, and gain unauthorized access to a host of laptops and other security-sensitive devices.
[...]
[The] attack uses custom software and about $100 worth of equipment. [Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group] has confirmed it works against the Tesla Model 3 and Model Y and Kevo smart locks marketed under the Kwikset and Weiser brand names. But he says virtually any BLE device that authenticates solely on proximity -- as opposed to also requiring user interaction, geolocation querying, or something else -- is vulnerable. "The problem is that BLE-based proximity authentication is used in places where it was never safe to do so," he explained. "BLE is a standard for devices to share data; it was never meant to be a standard for proximity authentication. However, various companies have adopted it to implement proximity authentication."

Because the threat isn't caused by a traditional bug or error in either the Bluetooth specification or an implementation of the standard, there's no CVE designation used to track vulnerabilities. Khan added: "In general, any product relying on BLE proximity authentication is vulnerable if it does not require user interaction on the phone or key fob to approve the unlock and does not implement secure ranging with time-of-flight measurement or comparison of the phone/key fob's GPS or cellular location relative to the location of the device being unlocked. GPS or cellular location comparison may also be insufficient to prevent short distance relay attacks (such as breaking into a home's front door or stealing a car from the driveway, when the owner's phone or key fob is inside the house)."
There are a few countermeasures one can take to mitigate this attack. "One mechanism is to check the location of the authenticating device to ensure that it is, in fact, physically close to the locked car or other device," reports Ars.

"Another countermeasure is to require the user to provide some form of input to the authenticating device before it's trusted." The phone's accelerometer could also be used to measure its movements.

The advisories published by NCC Group can be found here, here, and here.
Medicine

Contact Lens That Can Release Drug Could Be Used To Treat Glaucoma (theguardian.com) 12

An anonymous reader quotes a report from The Guardian: Researchers in China revealed they have developed a contact lens that can sense an increase in pressure within the eye and release an anti-glaucoma drug should the pressure exceed a certain level. Writing in the journal Nature Communications, the team describe how they created the device using an upper and lower lens, with a snowflake-shaped pressure sensor and wireless power transfer device sandwiched between them around the rim of the lenses. The arrangement appears to give the effect of the wearer having golden irises. However, the team say the design allows the necessary components to be included in the device without blocking the wearer's view or irritating the eye.

When the pressure inside the eye increases, the gap between the upper and lower lenses decreases. This is detected by the pressure sensor by means of a cantilever. The sensor then sends a signal to the wireless system which subsequently triggers the release of an anti-glaucoma drug, from a hydrogel attached to an electrode, and enables it to cross the cornea of the eye. The drug, brimonidine, acts to reduce the pressure within the eye. The study reveals that the contact lenses have so far been tested on pigs' eyes and on the eyes of living rabbits -- albeit with smaller-sized lenses -- although trials have yet to be carried out in humans. The researchers note the lenses are not only soft and minimally invasive but are also battery-free, adding that the approach could be expanded to help tackle other eye diseases.
"We can now imagine that a glaucoma sufferer wearing these contact lenses will not only receive real-time information about the pressures within the eye, since the contact lens has built-in wireless capacity and can easily communicate with an app on your smartphone, but also receive, for example, pressure-relieving drugs when needed," said Prof Zubair Ahmed from the Institute of Inflammation and Aging at the University of Birmingham. "The materials required to create such contact lenses are inexpensive and soon could be mass-produced," he added.
AT&T

AT&T Is About To Get Away With Its Bogus $1.99 'Administrative Fee' (theverge.com) 24

Sean Hollister writes via The Verge: Since 2013, AT&T has quietly bilked customers out of hundreds of millions of dollars with a bogus "administrative fee," a fee it more than doubled to $1.99 a month in 2018. For a few years there, a California class-action lawsuit made it seem like AT&T might finally get taken to task. But this week, both sides told a judge they'd settle for just $14 million -- meaning customers may get less than 10 percent of what they paid AT&T, while AT&T gets to keep on charging them. According to the proposed settlement agreement in Vianu v. AT&T Mobility -- which still needs to be approved by a judge -- just about every AT&T Wireless postpaid customer in California since 2015 will be eligible for an estimated payment of between $15 and $29.

But again, that's only a fraction of what AT&T's own records show it charged: $180 per customer on average since 2015, according to documents. The settlement "represents a refund of approximately 6-11 months of the average fees," they read. Meanwhile, the lawyers are likely to get $3.5 million. "The estimated payment amount represents a strong result for the Settlement Class, particularly given the substantial risks, costs, and delay of continued litigation," reads the proposed settlement agreement, going on to list all the ways that the lawyers suing AT&T believe that AT&T might still win the case. [...]

Oh, and you won't even get a check in the mail if you're still an AT&T customer, assuming this version of the settlement is approved. The money will be credited back to your AT&T account, where AT&T can dip its hand right back in again for that $1.99 -- or more if it feels emboldened enough to increase the fee yet again. (Admittedly, the AT&T account could be a more reliable way to make sure customers get money back.)
The settlement websites can be found here.

An AT&T spokesperson issued the following response: "We deny the allegations in this lawsuit because we clearly disclose all fees that are charged to our customers. However, we have decided to settle this case to avoid lengthy, expensive litigation."
Privacy

Startup Raises $17 Million To Develop Smart Gun (axios.com) 229

Biofire Technologies has raised $17 million in seed funding to further develop its smart gun, which uses a fingerprint sensor to unlock the trigger. Axios reports: Biofire's guns only can be fired by authorized users, which should exclude kids or teens from using guns that their parents didn't secure. Even if you're someone who decries firearms proliferation and supports stricter gun control, this is an innovation that should be welcomed. "I see firearm ownership continuing to be part of American culture for the foreseeable future," says Biofire founder and CEO Kai Kloepfer. "This issue has become so politicized that really nothing is being done, even for things that shouldn't be political in any way, like kids getting hold of guns ... A smart gun isn't a cure-all, but we do think that we can have an immediate and substantial impact."

Kloepfer, who dropped out of MIT to pursue Biofire, adds that the gun is being beta tested with law enforcement and firearms experts, and that it doesn't have any RFID or other wireless capabilities that could turn off prospective buyers. A recent Morning Consult poll found that 55% of current gunowners would be comfortable using a smart gun.

Google

Google Explains Why It's All In On Matter, the First True Smart Home Standard (theverge.com) 66

Matter is a new open-source, interoperability smart home standard that's been created by over 200 companies to allow all of your devices to communicate with each other locally, without the need for a cloud. The Verge sat down with Michele Turner, the senior director of Google Smart Home Ecosystem, to hear how the company plans to implement Matter when it finally arrives later this year. Here's an excerpt from the interview: Matter has evolved substantially from that first meeting, and there have been delays and setbacks. Do you still feel confident in that original vision, that it's being carried through and is on track to achieve what you set out to do at that Woodside dinner three years ago?

Michele Turner: I do. And, in fact, I think it's exceeding our original vision in some ways. It's been incredibly heartening to see the enthusiasm and the adoption and the number of companies that have joined the CSA and the Matter workgroup. We're at 200 companies -- it's amazing.

How is Matter going to change the smart home experience for the Google Home user?

Michele Turner: "For the Google Home user, I think the bigger areas of Matter where they'll see change first is in getting your devices set up. I just set up some lights at my mother-in-law's house, and it still took me 45 minutes to set up four lights. It shouldn't have been so hard. The first thing is going to be that significantly simpler setup. The second piece is the speed and the reliability of the local network. This has been a big pain point for users. My team spent a lot of time working with partners on improving reliability and reducing latency. Because in our mind, if it's not as fast as a light switch, what's the point? We believe Matter's going to drive down those latency numbers significantly and improve the overall reliability of devices in the home. Then, I think interoperability for users is going to be a big piece. As much as we love having everybody using the Google Assistant, the reality is people have iPhones and Android phones in their homes. Some of them want to use HomeKit. We just don't have that kind of compatibility today for users. And I think that's hard. Being able to have multi-admin really work well between these ecosystems is going to be a big benefit for users.

Then, our long-term goal is to build out what we call the proactive home. Instead of having a whole bunch of connected devices, how do we build that truly proactive home that works for the benefit of users? ... Matter is going to be absolutely foundational to that. It's the architecture behind the proactive home. If we don't have a home that's reliable, if we don't have things running locally, if it doesn't work consistently, we cannot deliver on that promise. The proactive home is really that intelligence layer, whether it's being able to predict that I'm going upstairs, it's 10 at night, and I always go into my bedroom at that time, so turn on the lights for me; or, I'm watching TV, it's 9:30PM, the kids are in bed, and I get a notification on my phone that the lights just went on in the kid's bedroom. Is somebody sick? Are they watching YouTube? Being able to do anomaly detection. Now, Matter doesn't do that. But it's foundational to be able to enable the rest of that. Because if that core foundation of the home -- of the smart home -- isn't solid, the rest of it just doesn't work."

As you've said, Matter is complicated. And there's a lot of expectation that's been placed on its shoulders. What would you say is the biggest misconception right now with Matter?

Michele Turner: "I think the biggest misconception is that Matter is going to solve every problem in IoT. It doesn't have a native intelligence layer that's going to automatically give you the proactive home. In my mind, it's solving three very foundational things. It's solving making setup easier for the majority of the devices that people put in their homes. Not the majority of device types, necessarily, but the majority of devices people put in their homes. It's making the IoT more reliable and faster. And then it's going to solve this multi-admin problem. It's going to provide that device interconnectivity that we don't have today that is really great for users. While it's going to be a lot more than that, it's not today. But it's solving what we believe are really the core problems that have challenged adoption by mainstream users in the past."
The report notes that all of Google's existing Nest branded smart speakers and displays will be upgraded to support Matter, "allowing you to use Google's voice assistant to control any Matter-enabled device in your home, no matter who made it."
The Internet

Cable Giants, ISPs, Telcos End Legal Fight Against California's Net Neutrality Law (theregister.com) 14

An anonymous reader quotes a report from The Register: California Attorney General Rob Bonta on Wednesday welcomed the decision by a group of telecom and cable industry associations to abandon their legal challenge of the US state's net neutrality law SB822. "My office has fought for years to ensure that internet service providers can't interfere with or limit what Californians do online," said Bonta in a statement. "Now the case is finally over. Following multiple defeats in court, internet service providers have abandoned this effort to block enforcement of California's net neutrality law. With this victory, we've secured a free and open internet for California's 40 million residents once and for all."

In December 2017, then Federal Communications Commission (FCC) chair Ajit Pai tossed out the 2015 net neutrality rules put in place during the Obama administration, freeing broadband providers to block, throttle, and prioritize internet traffic, among other things -- all of which were disallowed under the 2015 rules. On September 30, 2018, then California Governor Jerry Brown signed into law Senate Bill 822 (SB822), which more or less restored those rules. That same day, the Justice Department under the Trump administration challenged the law, as subsequently did the broadband companies benefiting from what Pai at the time referred to as a "light-touch approach."

The Justice Department, under the Biden administration, ended its opposition to California's net neutrality law back in February, 2021. The industry plaintiffs continued fighting SB822 in court but faced a setback in January, 2022, when the US Court of Appeals for the Ninth Circuit refused to block the law's enforcement as litigation progressed. Now those groups -- ACA Connects (America's Communications Association), CTIA (The Wireless Association), NCTA (The Internet & Television Association), and USTelecom (The Broadband Association) -- have withdrawn too. The trade associations, with the agreement of Bonta, filed a joint stipulation of dismissal without prejudice [PDF], which ends the telco legal challenge but allows the claim to be refiled at some later date.

Businesses

Wi-Fi 7 Home Mesh Routers Poised To Hit 33Gbps (arstechnica.com) 58

It's looking increasingly likely that Wi-Fi 7 will be an option next year. This week, Qualcomm joined the list of chipmakers detailing Wi-Fi 7 products they expect to be available to homes and businesses soon. From a report: The Wi-Fi Alliance, which makes Wi-Fi standards and includes Qualcomm as a member, has said that Wi-Fi 7 will offer a max throughput of "at least 30Gbps," and on Wednesday, Qualcomm said its Network Pro Series Gen 3 platform will support "up to 33Gbps." These are theoretical speeds that you likely won't reach in your home, and you'll need a premium broadband connection and Wi-Fi 7 devices, which don't exist yet. Still, the speeds represent an impressive jump from Wi-Fi 6 and 6E's 9.6Gbps.
Communications

FAA Wants US Airlines To Retrofit, Replace Radio Altimeters (reuters.com) 71

The Federal Aviation Administration (FAA) will meet Wednesday with telecom and airline industry officials on a push to retrofit and ultimately replace some airplane radio altimeters that could face interference from C-Band 5G wireless service. Reuters reports: The altimeters give data on a plane's height above the ground and are crucial for bad-weather landings, but airline concerns about wireless interference from a planned 5G rollout led to disruptions at some U.S. airports earlier this year. The FAA wants to use the meeting to establish "an achievable timeframe to retrofit/replace radar altimeters in the U.S. fleet," according to a previously unreported letter from the FAA's top aviation safety official Chris Rocheleau reviewed by Reuters. It also asked aviation representatives "to offer options and commit to actions necessary to meet these objectives."

The planned three-and-a-half hour roundtable meeting will also include a discussion on prioritizing retrofits with antenna filters, which mitigate potential interference from 5G. Antenna filters are currently in production, officials said. A key question is how to determine which planes are most at risk of interference and should therefore get retrofitted first. The meeting will also look at what is set to happen after July 5 and outline "changes to U.S. national airspace operating environment as a result of future 5G C-band deployment in the coming months."

Botnet

Botnet That Hid For 18 Months (arstechnica.com) 12

An anonymous reader quotes a report from Ars Technica: It's not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims' networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

- The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don't support antivirus or endpoint detection. This makes detection through traditional means difficult.
- Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.
- A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with the goal of leaving as light a footprint as possible.
- An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as a TLS-encrypted server that proxies data through the SOCKS protocol.

The SOCKS tunnel allowed the hackers to effectively connect their control servers to a victim's network where they could then execute tools without leaving traces on any of the victims' computers. A secondary backdoor provided an alternate means of access to infected networks. It was based on a version of the legitimate reGeorg webshell that had been heavily obfuscated to make detection harder. The threat actor used it in the event the primary backdoor stopped working. [...] One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system. Eventually, Quietexit executes its final objective: accessing email accounts of executives and IT personnel in hopes of obtaining documents related to things like corporate development, mergers and acquisitions, and large financial transactions.
"Unpacking this threat group is difficult," says Ars' Dan Goodin. "From outward appearances, their focus on corporate transactions suggests a financial interest. But UNC3524's high-caliber tradecraft, proficiency with sophisticated IoT botnets, and ability to remain undetected for so long suggests something more."
Security

A Stealthy New Espionage Group is Targeting Corporate Mergers and Acquisitions (techcrunch.com) 6

A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions. From a report: Mandiant researchers, who first discovered the advanced persistent threat (APT) group in December 2019 and now track it as "UNC3524," say that while the group's corporate targets hint at financial motivation, its longer-than-average dwell time in a victim's environment suggests an intelligence gathering mandate. In some cases, UNC3524 remained undetected in victims' environments for as long as 18 months, versus an average dwell time of 21 days in 2021.

Mandiant credits the group's success at achieving such a long dwell time to its unique approach to its use of a novel backdoor -- tracked as "QuietExit" -- on network appliances that do not support antivirus or endpoint detection, such as storage arrays, load balancers and wireless access point controllers. The QuietExit backdoor's command-and-control servers are part of a botnet built by compromising D-Link and LifeSize conference room camera systems, according to Mandiant, which said the compromised devices were likely breached due to the use of default credentials, rather than an exploit.

Wireless Networking

Nigeria Blocks 73 Million Mobile Phones in Security Clampdown (reuters.com) 16

An anonymous reader shares a report: Constance Chioma calls her son every morning to check that he is safe while studying in northeast Nigeria, a region plagued by deadly attacks by Islamist insurgents and armed kidnappings. Earlier this month, she could not get through. She later realised her SIM card was one of about 73 million - more than a third of the 198 million in Nigeria - which have been barred from making outgoing calls because they have not been registered in the national digital identity database.

[...] Nigeria is among dozens of African countries including Ghana, Egypt and Kenya with SIM registration laws that authorities say are necessary for security purposes, but digital rights experts say increase surveillance and hurt privacy. Nigeria has been rolling out 11-digit electronic national identity cards for almost a decade, which record an individual's personal and biometric data, including fingerprints and photo. The National Identity Number (NIN) is required to open a bank account, apply for a driver's license, vote, get health insurance, and file tax returns. In 2020, Nigeria's telecommunications regulator said every active mobile phone number must be linked to the user's NIN. It repeatedly extended the deadline until March 31 this year. The government said outgoing calls were being barred from April 4 from any mobile phone numbers that had not complied.

Transportation

Michigan Announces America's First Public In-Road Charging Test for Electric Vehicles (michigan.gov) 96

The governor of Michigan has announced America's first "public wireless in-road charging system," which would allow electric vehicles (EV) to charge — both while in motion and when stationary.

The GreenBiz site takes a look at this "inductive vehicle charging pilot program." There's perhaps no place more fitting for this pilot than Detroit. The city that led the nation's first wave of automobile technology is helping lead its second, as the Michigan Department of Transportation has awarded a $1.9 million contract to Electreon to install one mile of in-road EV charging in Motor City.

"Wireless is the future for this technology," said Stefan Tongur, vice president of business development for Electreon in the U.S. The wireless charging company is already building out the tech across Europe, where it has pilots in Germany, Italy and Sweden. The Michigan project is expected to be operational in 2023.

"We've always, for the past century, stopped to fuel the car, and we're thinking the same with EVs," Tongur said. But that creates many challenges when it comes to large-scale batteries and fleets especially, Tongur noted... So Electreon and others envision a network of strategic corridors with wireless, in-road charging that could gradually power vehicles along a route, rather than all at once at the destination. Fleet operators could either pay a subscription to use the chargers or integrate the costs into highway tolling, depending on the situation, Tongur said.

He described Electreon's business model as "charging as a service."

Alex Gruzen, CEO of wireless charging company WiTricity, tells the site this technology ultimately could accelerate the adoption of electric vehicles. "The company's own research indicates that wireless charging can increase a consumer's intent to purchase an EV by 68%, according to Gruzen, which could help move EVs beyond the early adopter stage."

Or, as Gruzen puts it, "What we want to do is show that the EV ownership experience can be better than any experience you've ever had with a car before."

Thanks to Slashdot reader doyouwantahotpocket for submitting the story.
