RISKS-LIST: Risks-Forum Digest Wednesday 28 December 2021 Volume 32 : Issue 96

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.96>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Wing Resumes Drone Deliveries in Canberra After Raven Attacks Forced Pause During Nesting Season (ABC Australia)
The human factor fails and is caught in U.S. nuclear plant inspections (NBC12)
The CIA Is Deep Into Cryptocurrency, Director Reveals (Vice)
U.S. FAA Issues Draft Airworthiness Directives Highlighting impact of 5G on Radar Altimeters (FAA)
AWS us-east-1 outage brings down services around the world (DatacenterDynamics)
Google finally knows which app to blame for Android's mysterious can't-call-911 bug (Android Police)
'The Beatles: Get Back' shows that deepfake tech isn't always evil (ZDNet)
Inside Tesla as Elon Musk Pushed an Unflinching Vision for Self-Driving Cars (NYTimes)
A New Tesla Safety Concern: Drivers Can Play Video Games in Moving Cars (NYTimes)
log4j (collected from Dan Goodin and others)
A $92,000 flying car can reach speeds of 63 miles per hour (Business Insider)
Researchers unveil new cyber-protections against "logic bombs" (techxplore)
Researchers Made a Camera That's the Size of a Grain of Salt (Vice)
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution (Google Project Zero)
Twitter Spaces is being used by the Taliban and white nationalists (WashPost)
Next year's Android smartphones will be watching you (The Verge)
Re: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Nic Fulton)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------

Date: Wed, 15 Dec 2021 12:28:01 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Wing Resumes Drone Deliveries in Canberra After Raven Attacks Forced Pause During Nesting Season (ABC Australia)

Markus Mannheim, ABC News Australia 10 Dec 2021 via ACM TechNews, Wednesday, December 15, 2021

Alphabet's Wing subsidiary has relaunched drone-based coffee and fast food deliveries to the Harrison suburb of Canberra, Australia, following the service's suspension in September due to attacks by nesting ravens. Ornithologist Neil Hermes discovered a pair of ravens had a nest with three chicks in a tree near a Wing customer; the ravens were approaching the drones from behind, as they would if the drone were a predator and they were trying to encourage it to leave. The service restarted after the chicks had fledged (grown wing feathers large enough for flight). Said Hermes, "We certainly need to be careful to ensure that we're aware of the impacts [of what we're doing]."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d9e6x230174x072181&

------------------------------

Date: Mon, 13 Dec 2021 17:08:24 -0800
From: "Rob Wilcox" <robwilcoxjr@gmail.com>
Subject: The human factor fails and is caught in U.S. nuclear plant inspections (NBC12)

https://www.nbc12.com/2021/12/13/former-inspector-virginia-nuclear-plant-pleads-guilty-falsifying-inspection-reports/

Former inspector of Virginia nuclear plant pleads guilty of falsifying inspection reports

North Anna Nuclear Power Station. (Source: Dominion Virginia Power)

NBC12 Newsroom 13 Dec 2021 and updated

LOUISA Co., Va. (WWBT) - The former senior resident inspector of the North Anna Nuclear Power Station pleaded guilty to making false statements on inspection reports.

Sixty-year-old Gregory Croon of Tennessee worked for the U.S.
Nuclear Regulatory Commission (NRC) and was working at the North Anna plant between 2016 and 2018. On Monday, Croon pleaded guilty to falsifying inspection reports in federal court.

``The accuracy of NRC inspection reports is critical to the NRC's oversight of licensees' safe operation of nuclear power plants around the nation,'' said NRC Inspector General Robert J. Feitel. ``Croon's false statements could have jeopardized that safety oversight function.''

Federal officials did not say if there were any short or long-term safety concerns following the investigation, only that the false reports could have jeopardized the safety oversight of the plant.

``The combined efforts of the NRC OIG special agents and our law enforcement partners yielded an appropriate and just result in this case. Nonetheless, it is vital to remember that we must all remain vigilant, watch for fraudulent activity, and report it promptly,''

Croon will be sentenced in March.

------------------------------

Date: Tue, 7 Dec 2021 12:14:59 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: The CIA Is Deep Into Cryptocurrency, Director Reveals (Vice)

*CIA Director William Burns said the agency has "a number of different projects focused on cryptocurrency" on the go.*

There's a long-running conspiracy theory among a small number of cryptocurrency enthusiasts that Bitcoin's anonymous inventor, Satoshi Nakamoto, was actually the CIA or another three-lettered agency. That fringe theory is having a fresh day in the sun after CIA Director William Burns said on Monday that the intelligence agency has "a number of different projects focused on cryptocurrency" on the go.

Burns made his comments at the tail end of a talk at the Wall Street Journal's CEO Summit.
After discussing everything from the possible Russian invasion of Ukraine to the challenges of space, someone in the audience asked if the agency is on top of cryptocurrencies, which are currently at the center of the ransomware epidemic that U.S. officials are attempting to get a handle on and stamp out.

Here's what Burns said:
<https://www.wsj.com/video/events/cia-director-on-today-global-challenges/C60765B3-8C1C-495F-8094-99E64C6637A5.html>

"This is something I inherited. My predecessor had started this, but had set in motion a number of different projects focused on cryptocurrency and trying to look at second- and third-order consequences as well and helping with our colleagues in other parts of the U.S. government to provide solid intelligence on what we're seeing as well."

This is hardly surprising given the focus ransomware is getting from every corner of government. This year, a ransomware attack targeting a pipeline company led to a shutdown, panic buying, and a gas shortage in several states.
<https://www.vice.com/en/article/dyvpyw/everything-you-need-to-know-about-the-pipeline-hack>

Cryptocurrencies "could have enormous impact on everything from ransomware attacks, as you mentioned, because one of the ways of getting at ransomware attacks and deterring them is to be able to get at the financial networks that so many of those criminal networks use and that gets right at the issue of digital currencies as well," Burns said. [...]

https://www.vice.com/en/article/dyp7vw/the-cia-is-deep-into-cryptocurrency-director-reveals

------------------------------

Date: Wed, 8 Dec 2021 19:50:30 -0000
From: "paul cornish" <paul.a.cornish@googlemail.com>
Subject: U.S. FAA Issues Draft Airworthiness Directives Highlighting impact of 5G on Radar Altimeters (FAA)

On 7 Dec 2021 the U.S. Federal Aviation Administration issued draft Airworthiness Directives related to possible interference between 5G telecoms (including 5G handsets) and aircraft Radar altimeters.
This AD was prompted by a determination that radio altimeters cannot be relied upon to perform their intended function if they experience interference from wireless broadband operations in the 3.7-3.98 GHz frequency band as used by 5G. It is based on a world wide task force managed by RTCA. It found that:

1. The likelihood and severity of radio frequency interference increases for operations at lower altitudes.
2. That interference could cause the radio altimeter to either become inoperable or present misleading information.

The FAA determined that, at this time, no information has been presented that shows radio altimeters are not susceptible to interference caused by C-Band emissions permitted in the United States.

The FAA will examine all airports across the U.S. to identify those with nearby 5G base stations and will issue NOTAMs advising of the issues.

As background the radio altimeter is more precise than a barometric altimeter and for that reason is used where aircraft height over the ground needs to be precisely measured, such as auto-land or other low altitude or low-viz operations. It also feeds accurate height data to auto-pilot and auto landing systems.

So it looks like just when the radar altimeter must be performing at its absolute best (i.e. near the ground) it could be impacted by 5G transmissions which could severely impact the safe flight of the aircraft.

For more info see https://www.faa.gov/newsroom/faa-statement-5g and its attachments.

  [Also noted by Monty Solomon.
  PGN]

------------------------------

Date: Tue, 7 Dec 2021 10:21:43 -0800
From: "Lauren Weinstein" <lauren@vortex.com>
Subject: AWS us-east-1 outage brings down services around the world (DatacenterDynamics)

https://www.datacenterdynamics.com/en/news/aws-us-east-1-outage-brings-down-services-around-the-world/

------------------------------

Date: Wed, 8 Dec 2021 16:15:27 -0800
From: "Lauren Weinstein" <lauren@vortex.com>
Subject: Google finally knows which app to blame for Android's mysterious can't-call-911 bug (Android Police)

I think it's very notable that a LANDLINE saved the day. No apps to confuse them. They just work. LW

https://www.androidpolice.com/google-finally-knows-which-app-to-blame-for-androids-mysterious-cant-call-911-bug/

------------------------------

Date: Wed, 8 Dec 2021 00:11:21 -0500
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: 'The Beatles: Get Back' shows that deepfake tech isn't always evil (ZDNet)

The machine learning technology used here is very similar (if not identical) to what has been used in the past for deepfakes, making fake video look and sound real. A prime example of this is the Emmy Award-winning demonstration video produced by MIT's Center for Advanced Virtuality, "In Event of Moon Disaster," which depicts then-president Nixon reading a prepared statement that the Apollo 11 astronauts had perished in a catastrophe. To create it, MIT used Nixon's likeness and speech from television appearances and fed it into a machine learning system to synthesize the audio and video and produce the uncanny film.

The demonstration is a warning that these technologies can be used for nefarious purposes.
There are currently efforts underway, such as with the Coalition for Content Provenance and Authenticity (C2PA), to create standards for providing context and history for digital media to prove the authenticity for a particular image or video/audio stream in the future can be established, as it is expected that these technologies will be used much more heavily in the future.

So can this deepfake technology be used for evil? Yes. But if Get Back proves anything, it shows it can be used for "deep restoration" as well. A great deal of vintage content can be repaired in this way, be it original films or archival footage that can make it look brand new again -- or the freshest they have ever looked and shown on modern content delivery platforms.

https://www.zdnet.com/article/the-beatles-get-back-shows-that-deepfake-tech-isnt-always-evil/

--
Gabriel Goldberg, Computers and Publishing, Inc. gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
LinkedIn: http://www.linkedin.com/in/gabegold Twitter: GabeG0

------------------------------

Date: Tue, 7 Dec 2021 01:23:50 -0500
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Inside Tesla as Elon Musk Pushed an Unflinching Vision for Self-Driving Cars (NYTimes)

In addition, some who have long worked on autonomous vehicles for other companies — as well as seven former members of the Autopilot team — have questioned Tesla's practice of constant modifications to Autopilot and F.S.D., pushed out to drivers through software updates, saying it can be hazardous because buyers are never quite sure what the system can and cannot do.

https://www.nytimes.com/2021/12/06/technology/tesla-autopilot-elon-musk.html

------------------------------

Date: Tue, 7 Dec 2021 14:10:10 -0500
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: A New Tesla Safety Concern: Drivers Can Play Video Games in Moving Cars (NYTimes)

The feature raises fresh questions about whether Tesla is compromising safety as it rushes to add new technologies.

Not long after buying a Tesla Model 3 this summer, Vince Patton saw a YouTube clip highlighting a feature that took him by surprise: three video games that can be played on the large touch screen mounted in front of the dashboard — while driving down the road.

“I thought surely that can’t be right,” Mr. Patton, a retiree in Lake Oswego, Ore. But in a parking lot, he gave it a try, and he was able to play a solitaire game on the Model 3 while in motion.

“I only did it for like five seconds and then turned it off,” he said. “I’m astonished. To me, it just seems inherently dangerous.”

The automaker added the games in an over-the-air software update that was sent to most of its cars this summer. They can be played by a driver or by a passenger in full view of the driver, raising fresh questions about whether Tesla is compromising safety as it rushes to add new technologies and features in its cars.

https://www.nytimes.com/2021/12/07/business/tesla-video-game-driving.html

Tesla, not playing with a full deck...

------------------------------

Date: Thu, 16 Dec 2021 11:39:31 PST
From: Peter G Neumann <neumann@csl.sri.com>
Subject: log4j (collected from Dan Goodin and others)

U.S. Cert:

Security experts around the world raced Friday, Dec. 10, 2021, to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software.
Cybersecurity experts say users of the online game Minecraft have already exploited it to breach other users by pasting a short message into a chat box. Credit: AP Photo/Damian Dovarganes, File

Security experts around the world raced Friday to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software.

"I'd be hard-pressed to think of a company that's not at risk," said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

https://us-cert.cisa.gov/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

- - - -

Monty Solomon <monty@roscom.com>:
Hackers launch over 840,000 attacks through Log4J flaw
https://arstechnica.com/information-technology/2021/12/hackers-launch-over-840000-attacks-through-log4j-flaw/

- - - -

Monty Solomon <monty@roscom.com>
As Log4Shell wreaks havoc, payroll service reports ransomware attack
https://arstechnica.com/information-technology/2021/12/as-log4shell-wreaks-havoc-payroll-service-reports-ransomware-attack/

- - - -

Dan Goodin, Ars Technica, 9 Dec 2021
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet
Minecraft is the first, but certainly not the last, app known to be affected.
<https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/>

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that's used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.

Word of the vulnerability first came to light on sites catering to users of Minecraft, the best-selling game of all time.
The sites warned that hackers could execute malicious code on servers or clients running the Java version of Minecraft by manipulating log messages, including from things typed in chat messages. The picture became more dire still as Log4j was identified as the source of the vulnerability, and exploit code was discovered posted online.

A big deal

``The Minecraft side seems like a perfect storm, but I suspect we are going to see affected applications and devices continue to be identified for a long time,'' HD Moore, founder and CTO of network discovery platform Rumble, said. ``This is a big deal for environments tied to older Java runtimes: Web front ends for various network appliances, older application environments using legacy APIs, and Minecraft servers, due to their dependency on older versions for mod compatibility.''

Reports are already surfacing of servers performing Internet-wide scans in attempts to locate vulnerable servers.

Log4j is incorporated into a host of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink. That means that a dizzying number of third-party apps may also be vulnerable to exploits of the same high severity as those threatening Minecraft users.

At the time this post went live, there wasn't much known about the vulnerability. One of the few early sources providing a tracking number for the vulnerability was Github, which said it's CVE-2021-44228. Security firm Cyber Kendra on late Thursday reported a Log4j RCE Zero day being dropped on the Internet and concurred with Moore that ``there are currently many popular systems on the market that are affected.''

The Apache Foundation has yet to disclose the vulnerability, and representatives there didn't respond to an email. This Apache page does acknowledge the recent fixing of a serious vulnerability.
Moore and other researchers said the Java deserialization bug stems from Log4j making network requests through the JNDI to an LDAP server and executing any code that's returned. The bug is triggered inside of log messages with use of the ${} syntax.

Additional reporting from security firm LunaSec said that Java versions greater than 6u211, 7u201, 8u191, and 11.0.1 are less affected by this attack vector, at least in theory, because the JNDI can't load remote code using LDAP. Hackers may still be able to work around this by leveraging classes already present in the target application. Success would depend on whether there are any dangerous gadgets in the process, meaning newer versions of Java may still prevent code execution but only depending on the specifics of each application.

LunaSec went on to say that cloud services from Steam and Apple iCloud have also been found to be affected. Company researchers also pointed out that a different high-severity vulnerability in struts led to the 2017 compromise of Equifax, which spilled sensitive details for more than 143 million U.S. consumers.

Cyber Kendra said that in November the Alibaba Cloud security team disclosed a vulnerability in Log4j2 -- the successor to Log4j -- that stemmed from recursive analysis functions, which attackers could exploit by constructing malicious requests that triggered remote code execution. The firm strongly urged people to use the latest version of Log4j2 available here.

What it means for Minecraft

The Spigot gaming forum said that Minecraft versions 1.8.8 through the most current 1.18 release are all vulnerable, as did other popular game servers such as Wynncraft. Gaming server and news site Hypixel, meanwhile, urged Minecraft players to take extra care.

``The issue can allow remote access to your computer through the servers you log into,'' site representatives wrote.
``That means any public server you go onto creates a risk of being hacked.''

Reproducing exploits for this vulnerability in Minecraft isn't straightforward because success depends not only on the Minecraft version running but also on the version of the Java framework the Minecraft app is running on top of. It appears that older Java versions have fewer built-in security protections that make exploits easier.

On Friday, Minecraft rolled out a new game version that fixes the vulnerability.

"We are aware of recent discussions regarding a public exploitation of a Log4j remote code execution vulnerability affecting various industry-wide Apache products," Microsoft said in a statement. "We've taken steps to keep our customers safe and protected, which includes rolling out a fix that blocks this issue for Java Edition 1.18.1. Customers who apply the fix are protected."

------------------------------

Date: Tue, 7 Dec 2021 12:44:52 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: A $92,000 flying car can reach speeds of 63 miles per hour (Business Insider)

If you've always dreamed of flying to work, that dream may very soon be a reality. If you have $92,000, that is.

Companies are always looking for new market niches, and flying cars are quickly becoming the next big thing. There are plans for cars that both fly and work on the road and for flying taxis that will aim to form the basis of future travel.

Jetson is one of these companies. The company aims "to make the skies available for everyone with our safe personal electric aerial vehicle," according to its website.

The company's first flying car, Jetson One, is already on sale. Jetson One has a maximum speed of 63mph thanks to its eight electric motors which generate 102 horsepower. The car can run continually for 20 minutes. [...]

https://www.businessinsider.com/new-flying-car-goes-63-mph-20-minutes-costs-92000-2021-12

------------------------------

Date: Sat, 11 Dec 2021 10:17:57 +0800
From: "Richard Stein" <rmstein@ieee.org>
Subject: Researchers unveil new cyber-protections against "logic bombs" (techxplore.com)

https://techxplore.com/news/2021-12-unveil-cyber-logic.html

"The researchers looked into Mystique, a new class of attacks on printed objects that leverage emerging 4D printing technology to introduce embedded computer code—or logic bombs—by manipulating the manufacturing process.

"Mystique enables visually harmless objects to behave maliciously when a logic bomb is triggered by a stimulus such as changes in temperature, moisture, pH or modifications to the materials used initially, potentially causing catastrophic operational failures when they are used."

4D printing (see https://en.wikipedia.org/wiki/4D_printing) applies 3D printer technology with "ink" (gels, fibers, polymers, etc.) sensitized to adjust their shape or material properties in response to environmental conditions: pH, temperature, stress, humidity, magnetic field, sound level, etc.

The "Mystique" class of defects and vulnerabilities might arise in printed structures such as artificial bone or tissue foundation. The essay discusses means of Mystique-injected defect detection using CAT scans and material sensors to ensure specified manufactured product outcome before shipping to a customer.

  [Trust that neither the inspection verification measures, nor the employees with product release approval, are compromised.]

------------------------------

Date: Tue, 7 Dec 2021 12:12:28 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Researchers Made a Camera That's the Size of a Grain of Salt (Vice)

*It can take images that are better than existing tech.*

A newly-developed camera the size of a grain of salt can take clear, full-color images at the level of cameras that are 500,000 times larger.

Researchers at Princeton University and the University of Washington created a new type of optical system, called a metasurface, to shrink the camera's hardware down to size, and combined this with machine-learning image processing that enables the camera to produce clear images in natural lighting. Previously, micro-cameras could only produce useful images in perfect laboratory settings, according to the researchers <https://engineering.princeton.edu/news/2021/11/29/researchers-shrink-camera-size-salt-grain>. Their work is published in the journal *Nature*. <https://www.nature.com/articles/s41467-021-26443-0>

Each camera consists of 1.6 million cylindrical posts which interact with light to produce the images. These posts are as small as the human immunodeficiency virus (HIV). The surfaces are made from silicon nitride, a material that makes them compatible with computing microchip manufacturing. This means they'd be cheaper and faster to produce than current full-size camera lenses. [...]

https://www.vice.com/en/article/4awxvg/researchers-made-a-camera-thats-the-size-of-a-grain-of-salt

------------------------------

Date: Wed, 15 Dec 2021 13:33:35 -0500
From: Monty Solomon <monty@roscom.com>
Subject: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution (Google Project Zero)

Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

------------------------------

Date: Mon, 13 Dec 2021 00:56:14 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Twitter Spaces is being used by the Taliban and white nationalists (WashPost)

Employees who complained about the lack of moderation say they were sidelined.

https://www.washingtonpost.com/technology/2021/12/10/twitter-turmoil-spaces/

------------------------------

Date: Tue, 7 Dec 2021 10:46:09 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Next year's Android smartphones will be watching you (The Verge)

*Qualcomm's new always-on smartphone camera is a potential privacy nightmare*

Your phone's front camera is always securely looking for your face, even if you don't touch it or raise to wake it.

That's how Qualcomm Technologies vice president of product management Judd Heape introduced the company's new always-on camera capabilities <https://youtu.be/3H6tfcZLHfg?t=10758> in the Snapdragon 8 Gen 1 processor set to arrive in top-shelf Android phones early next year. <https://www.theverge.com/2021/11/30/22809687/qualcomm-snapdragon-8-gen-1-chip-smartphone-processor-specs-details>

Depending on who you are, that statement can either be exciting or terrifying. For Qualcomm, it thinks this new feature will enable new use cases, like being able to wake and unlock your phone without having to pick it up or have it instantly lock when it no longer sees your face.

But for those of us with any sense of how modern technology is used to violate our privacy, a camera on our phone that’s always capturing images *even when we’re not using it* sounds like the stuff of nightmares and has a cost to our privacy that far outweighs any potential convenience benefits.

Qualcomm's main pitch for this feature is for unlocking your phone any time you glance at it, even if it's just sitting on a table or propped up on a stand.
You don't need to pick it up or tap the screen or say a voice command -- it just unlocks when it sees your face. I can see this being useful if your hands are messy or otherwise occupied (in its presentation, Qualcomm used the example of using it while cooking a recipe to check the next steps). Maybe you’ve got your phone mounted in your car, and you can just glance over at it to see driving directions without having to take your hands off the steering wheel or leave the screen on the entire time.

The company is also spinning it as making your phone *more secure* by automatically locking the phone when it no longer sees your face or detects someone looking over your shoulder and snooping on your group chat. It can also suppress private information or notifications from popping up if you’re looking at the phone with someone else. Basically, if you're not looking at it, your phone is locked; if it can see you, it will be unlocked. If it can see you *and* someone else, it can automatically lock the phone or hide private information or notifications from displaying on the screen. [...]

https://www.theverge.com/22811740/qualcomm-snapdragon-8-gen-1-always-on-camera-privacy-security-concerns

------------------------------

Date: Wed, 15 Dec 2021 12:57:11 +1100
From: Nic Fulton <nicfulton@gmail.com>
Subject: Re: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (RISKS-32.95)

> You asked "Is it illegal to use your cell-phone for navigation purposes?
> What is the difference between that and a built-in screen for navigation?

https://roadsafety.transport.nsw.gov.au/stayingsafe/mobilephones/know-the-rules.html has the answer.

You have to mount the phone in an approved cradle.

"2. Can I touch my phone if it is in a cradle?

If your phone is secured in a cradle, you can only touch your phone:
* To make or receive a phone call;
* For audio playing functions; or
* For using a driver's aid (such as navigation)."

I hope this helps.
The law is pretty sensible, which is good, I guess.

  [Also noted discursively by Peter Knoppers, also by Simon Wright and John Levine, albeit more tersely. PGN]

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
 Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
 If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.96
************************