TechLetters #168 Major breakthrough in quantum computer design. Treaty prohibiting some uses of autonomous weapons systems (AI drones, etc). Passkeys/Webauthn vs Competition. Hotel keys broken.
Security
36-year security vulnerability in hotel keys. Attackers need only one card for any room in order to forge a card that opens any room. The vulnerability is being fixed.
WebGPU prone to cache side-channel attack via the web browser. Example potential impact: leaking a full AES encryption key in minutes. Another: helping to steal passwords by monitoring inter-keystroke frequencies. All the user has to do is visit a website. No further action is needed.
Criticism of Passkeys/WebAuthn, the advertised password replacement. "WebAuthn is a questionable standard. It removes almost all risks from the service provider and puts all responsibility on the user". Including regulatory risks? Still, the concept is a useful alternative to passwords. Here’s a technical overview, but it also notes the potential issue of competition: “It solves one of the main problems of previous security keys which was the user back-up. However, this may lock the user to a specific vendor because passkeys are not synchronized between devices of different ecosystem like Apple and Google”.
Bedbug disinformation in France. The panic in France in 2023 over the alleged spread of bed bugs was amplified by disinformation on social media accounts linked to the Russian state. Schools were being closed. Authorities said there was no trace of any unusual outbreak.
Apple Mx processors data leak. Security flaw in Apple M1/M2 processor architecture. Information leaks. Encryption keys can be stolen. Cannot be fixed at the processor level (might be mitigated in software implementations). Apple did not say whether M3 processors are affected. It would not be in breach of the EU Directive on product liability. Releasing insecure software would breach EU law. The vulnerability was reported in December 2023; the M3 was released in October 2023. So the provisions of the EU Directive on defective products do not apply.
Privacy
Reconstructing user queries typed to AI/LLM chat assistants/models, to steal private information by monitoring network packets (side-channel analysis).
Meta is considering lowering the Facebook/Instagram fee. Down to €5.99 (users have the choice of not paying: watching ads). NGOs say this is a false choice. Advertising groups want a chance to be consulted on the EDPB opinion. Meanwhile, the EU General Court has upheld fee-or-ads for now.
Technology Policy
The U.S. justice anti-competition lawsuit against Apple speaks of privacy. It argues that "Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct". Indeed, this decade is about privacy vs competition. The lawsuit has some weaker points too. For example, there's no need to share private data with merchants in a store or at the cafeteria. Banks and Apple are not the only actors. So Apple Pay is a kind of masking layer, despite its lack of clarity about shared data. Anyway, prepare for privacy vs competition, also in Europe.
Other
Protracted attritional warfare is challenging fashionable Western strategies. Economic, human and technological issues to the point of exhaustion. The most likely vision of a Russia-NATO or US-China war, unpopular with Western planners because it is incompatible with preferences? Cheap, mass-produced weapons are superior to scarce ‘intelligent and advanced’ tech.
The ICRC is calling for a legally binding (treaty?) addition to international humanitarian law, that is, the laws of armed conflict, to regulate AI/lethal autonomous weapons systems (AWS). It "requires weapon users to be able to anticipate, control and limit the effects of those weapons" and prohibits some uses. “The instrument should provide that it is prohibited in all circumstances to develop, produce, otherwise acquire, stockpile or retain, or transfer, directly or indirectly to anyone, or to use any autonomous weapon system that is designed or of a nature, or used in such a manner that does not allow a human user to both (1) understand, predict and explain how the AWS will function in any normal or expected circumstances of use, in particular what circumstances or conditions will trigger the system to apply force, and (2) predict and limit the effects of the AWS in all such circumstances”
New research in quantum computers. Impressive. ~6100 qubits with 99.9% reliability, long-lived control (23 minutes! 12.6s coherence) based on Cesium atoms. Universal quantum computing with ten thousand atomic qubits could be a near-term prospect. Most impressive. Perhaps this will refine the quantum computer development timeline.