The RISKS Digest
Volume 29 Issue 51

Friday, 6th May 2016

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Building Security Into Cyber-Physical Systems: NIST Researchers Suggest Approach for Trustworthy Modern Infrastructure
Evelyn Brown
White House Worries about Bad AI Coding
Patrick Thibodeau
Artificial Intelligence: Where's the Philosophical Scrutiny?
Vincent Conitzer
Jennifer the Robot
McSweeneys via Mark Thorson
Security Analysis of Emerging Smart Home Applications
Indian boy dies after shooting himself while taking a selfie
The Indian Express
Medical errors still abound
Voter ID Laws May Have Actually Increased The Likelihood Of Voter Fraud by Hackers
Dilbert on voting machines
Mark Thorson
RF-emission-based device identification
Data exposure of AfD members leads to harassment, death threat
Thomas Koenig
"Warrantless searches surge as online privacy dwindles"
Caroline Craig
"Windows 10 updates are now ruining pro-gaming streams"
The Guardian
Re: The last non-Internet Generation
Paul Russell
Re: Update on the outage
Olivier MJ Crepin-Leblond
Superb for Risks Readers - The Blame Game - BBC Radio 4
Lindsay Marshall
Info on RISKS (comp.risks)

Building Security Into Cyber-Physical Systems: NIST Researchers Suggest Approach for Trustworthy Modern Infrastructure (Evelyn Brown)

"ACM TechNews" <>
Fri, 6 May 2016 12:05:35 -0400 (EDT)
Evelyn Brown, *NIST News*, 4 May 2016 via ACM TechNews, 6 May 2016

A new draft publication from the U.S. National Institute of Standards and
Technology (NIST) proposes incorporating proven security design principles
and concepts into cyber-physical systems at every step, from conception to
deployment.  NIST Special Publication 800-160, based on the international
ISO/IEC/IEEE Standard 15288 for Systems and Software Engineering, recommends
a comprehensive, ground-up approach to baking in security.  NIST fellow Ron
Ross says current procedures for organizations--purchasing commercial
components and then tacking on security measures--"do not go far enough in
reducing and managing complexity, developing sound security architectures,
and applying fundamental security design principles."  The draft publication
applies security precepts to all of the ISO/IEC/IEEE standard's listed
technical processes, as well as to crucial non-engineering processes
involving systems such as management and support services.  The recommended
strategy begins with mission or business owners "valuing" their assets and
then applies security design principles and systems engineering processes to
develop suitable security requirements, architecture, and design.  "The
systems security engineering considerations...give organizations the
capability to strengthen their systems against cyberattacks, limit the
damage from those attacks if they occur, and make their systems survivable,"
Ross says.  Consultant Robert Bigman predicts the recommendations "will
become the de facto standard for integrating 'trustability' [hopefully,
trustworthiness!!!] into the design, development, deployment, and operation
of systems used both within government and commercial critical
infrastructure industries."

  [It's about time.  The low bar for untrustworthy supposedly-secure systems
  has been pitiful.  PGN]

White House Worries about Bad AI Coding (Patrick Thibodeau)

"ACM TechNews" <>
Fri, 6 May 2016 12:05:35 -0400 (EDT)
Patrick Thibodeau, *Computerworld*, 5 May 2016, via ACM TechNews, 6 May 2016

The White House released a report this week examining the problems
associated with poorly designed systems that increasingly are being used in
automated decision-making.  The report warns algorithms may have so much
power in day-to-day life that it may be important to develop ethical
frameworks for designing automated computer systems.  In addition, the
report says automated computer systems may need to be transparent for
testing and auditing.  Meanwhile, a second effort has been studying the
future of algorithms through a series of four workshops held across the
U.S. to examine artificial intelligence's (AI) impact on society.  "We're
increasingly relying on AI to advise decisions and operate physical and
virtual machinery--adding to the challenge of predicting and controlling how
complex technologies will behave," says the U.S. Federal Trade Commission's
Ed Felten.  The federal government will produce an AI report following
workshops in Seattle, to be followed by meetings in Washington, D.C.,
Pittsburgh, and New York City in July.  The most pressing concern is
algorithmic systems designed to inadvertently discriminate because of bad
design.  The report notes a system also could use a poorly designed matching
system or could inadvertently restrict the flow of information.

Artificial Intelligence: Where's the Philosophical Scrutiny? (Vincent Conitzer)

"ACM TechNews" <>
Fri, 6 May 2016 12:05:35 -0400 (EDT)
Vincent Conitzer, *Prospect Magazine*, 4 May 2016

ACM TechNews, 6 May 2016

There is little emphasis on the philosophical ramifications of artificial
intelligence (AI) research and development at AI conferences and other
scientific forums, with most researchers preferring to focus on technical
achievement, writes Duke University professor Vincent Conitzer.  He says
this tendency can be partly traced to AI scientists' push to have their work
respected by peers.  Bringing attention to philosophical issues in AI are
experts such as Nick Bostrom, director of Oxford University's Future of
Humanity Institute.  He is concerned with an "intelligence explosion" in
which humans build machines that exceed human intelligence, which in turn
build something that is even more intelligent, leading to ever-escalating
generations of smarter systems.  Another factor creating a disconnect
between mainstream AI researchers and those worried about the future has
been inaccurate predictions of how progress in the field would unfold, even
in the short term.  Issues about AI are being raised outside of the
discipline, with the American Association for the Advancement of Science
calling for 10 percent of the AI research budget to be channeled into
examining its societal effects.  Conitzer says it is in the AI community's
interest to get involved in this debate, lest the discussion be less
informed.  Currently absent is a way to engage with the more opaque
long-term philosophical issues, but AI's ability to make ethical decisions
is one subject in which immediate momentum appears possible.

Jennifer the Robot (McSweeneys)

Mark Thorson <>
Tue, 3 May 2016 18:38:27 -0700
A risk of overexposure to a voice-based user interface.

Security Analysis of Emerging Smart Home Applications (University of Michigan)

Jim Reisert AD1C <>
Tue, 3 May 2016 12:19:49 -0600
Summary and FAQ

We performed the first in-depth empirical security analysis of a popular
emerging smart home programming platform---Samsung SmartThings. We evaluated
the platform's security design, and coupled that with an analysis of 499
SmartThings apps (also called SmartApps) and 132 device handlers using
static code analysis tools that we built.

What are your key findings?

Our key findings are twofold. First, although SmartThings implements a
privilege separation model, we found that SmartApps can be overprivileged.
That is, SmartApps can gain access to more operations on devices than their
functionality requires. Second, the SmartThings event subsystem, which
devices use to communicate asynchronously with SmartApps via events, does
not sufficiently protect events that carry sensitive information such as
lock pincodes.

Why SmartThings?

Recently, several competing smart home programming frameworks that support
third party app development have emerged. These frameworks provide tangible
benefits to users, but can also expose users to significant security risks.
We analyzed Samsung-owned SmartThings because it has the largest number of
apps among currently available smart home platforms, and supports a broad
range of devices including motion sensors, fire alarms, and door locks.

Can you explain overprivilege, and what you found specifically for SmartThings?

Overprivilege is a security design flaw wherein an app gains access to more
operations on protected resources than it requires to complete its claimed
functionality. For instance, a battery manager app only needs access to read
battery levels of devices. However, if this app can also issue operations to
control the on/off status of those devices, that would be overprivilege. We
found two forms of overprivilege for SmartThings. First, coarse-grained
capabilities lead to over 55% of existing SmartApps being overprivileged.
Second, coarse SmartApp-SmartDevice binding leads to SmartApps gaining
access to operations they did not explicitly ask for. Our analysis reveals
that 42% of existing SmartApps are overprivileged in this way.

How can attackers exploit these design flaws?

We exploited framework design flaws to construct four proof-of-concept
attacks that: (1) secretly planted door lock codes; (2) stole existing door
lock codes; (3) disabled vacation mode of the home; and (4) induced a fake
fire alarm. Details on how these attacks work are in our research paper
linked below.
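
The two forms of overprivilege described in the FAQ above, as an added example that is not part of the original post or the researchers' tooling. The capability table, device names and app records are a simplified, constructed model, not SmartThings' actual definitions.

```python
"""Added example: flag the two forms of SmartApp overprivilege (constructed model)."""

# Assumption: simplified capability table, capability -> operations it grants.
CAPABILITIES = {
    "battery": {"read:battery"},
    "switch": {"read:switch", "cmd:on", "cmd:off"},
    "lock": {"read:lock", "cmd:lock", "cmd:unlock"},
}

# Constructed devices; one physical device implements several capabilities.
DEVICES = {
    "front_door_lock": {"lock", "battery"},
    "hall_outlet": {"switch", "battery"},
}

# Constructed app records: what each app requests, is bound to, and really uses.
APPS = {
    "battery_monitor": {"requested": {"battery"}, "used": {"read:battery"},
                        "bound": {"front_door_lock", "hall_outlet"}},
    "auto_lock": {"requested": {"lock"}, "used": {"cmd:lock"},
                  "bound": {"front_door_lock"}},
}


def ops_of(caps):
    """All operations granted by a set of capabilities."""
    return set().union(*(CAPABILITIES[c] for c in caps))


def reachable_ops(app, coarse_binding=True):
    """Operations the app can invoke on the devices it is bound to."""
    ops = set()
    for dev in app["bound"]:
        # Coarse binding exposes every capability of the device, not only
        # the ones the app requested; the strict mode intersects them.
        caps = DEVICES[dev] if coarse_binding else DEVICES[dev] & app["requested"]
        ops |= ops_of(caps)
    return ops


def audit(app, coarse_binding=True):
    """Return unused operations, split by which design flaw grants them."""
    asked = ops_of(app["requested"])
    return {
        "coarse_capability": sorted(asked - app["used"]),
        "coarse_binding": sorted(reachable_ops(app, coarse_binding) - asked),
    }


if __name__ == "__main__":
    for name, app in APPS.items():
        print(name, audit(app))
```

Calling `audit(app, coarse_binding=False)` models a platform that binds an app only to the capabilities it requested, which empties the second list while leaving the first unchanged.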

Indian boy dies after shooting himself while taking a selfie (The Indian Express)

Jim Reisert AD1C <>
Tue, 3 May 2016 12:23:08 -0600
PTI, New Delhi, 1 May 2016

A 15-year-old boy who accidentally shot himself with his father's revolver
while taking a selfie died in Ludhiana on Sunday.  With the bullet stuck in
his head, the critically injured Ramandeep Singh was shifted to a hospital in
Ludhiana where he succumbed to his injuries.

The incident occurred Friday night when Ramandeep was trying to take a
selfie on his mobile phone with the licensed .32 bore revolver while
pointing the weapon to his head, Pathankot Deputy Superintendent of Police
(City) Manoj Kumar said.

Medical errors still abound (WashPost)

Tue, 3 May 2016 23:39:19 +0000

Voter ID Laws May Have Actually Increased The Likelihood Of Voter Fraud by Hackers (FastCompany)

"Peter G. Neumann" <>
Wed, 4 May 2016 9:44:00 PDT

Dilbert on voting machines

Mark Thorson <>
Tue, 3 May 2016 18:43:22 -0700

RF-emission-based device identification (Phys.Org)

"Peter G. Neumann" <>
Thu, 5 May 2016 9:44:47 PDT
Radio frequency emissions are considered incidental system noise in virtually
all laptops, smartphones and other electronic devices, but scientists at
Disney Research have found a way to use these spurious electromagnetic (EM)
signals to uniquely identify even seemingly identical devices.


Data exposure of AfD members leads to harassment, death threat

Thomas Koenig <>
Thu, 5 May 2016 16:04:08 +0200
A radical left web site recently posted personal data, including home and
e-mail addresses, of people attending two party conferences of the
Alternative für Deutschland, a German political party situated to the right
of the current German government.

The names include those of current AfD members, AfD ex-members and others
attending the conferences as guests.

Several hundreds of affected people have filed criminal charges.

So far, exposure of the data has led to harassment of several AfD members
and at least one murder threat.  Ironically, the person who went public with
the death threat is not even an AfD member.

"Warrantless searches surge as online privacy dwindles" (Caroline Craig)

Gene Wirchenko <>
Fri, 06 May 2016 10:14:59 -0700
Caroline Craig, InfoWorld, 6 May 2016
Not only are warrantless searches exploding in number, the boundaries
of warrants themselves are expanding

"Windows 10 updates are now ruining pro-gaming streams" (The Guardian)

Gene Wirchenko <>
Fri, 06 May 2016 10:09:10 -0700
Forcing a gaming PC to update mid-game during a livestream to up to 130,000
followers isn't the best advert for the software

Re: The last non-Internet Generation (RISKS-29.50)

Paul Russell <>
Fri, 6 May 2016 13:08:27 -0400
In a posting dated 3 May 2016, Paul Robinson describes a world in which
broadband Internet access is nearly ubiquitous. Apparently, Mr. Robinson
spends all his time in large metropolitan areas. There are vast swaths of
rural America where dial-up is still the only option for Internet access.
Ah, but you have a smartphone which can be used as an Internet hotspot.
Good luck finding a data connection in rural America. The cellular service
providers have no incentive to spend money to upgrade towers to support data
service because there are so few smartphone users in these areas. And there
are so few smartphone users because there is no data service.

Paul Russell, Lakeville, Indiana USA

Re: Update on the outage

Olivier MJ Crepin-Leblond <>
Wed, 4 May 2016 16:09:43 +0200
  [Lindsay Marshall <> reports:
  I am seeing signs of life from catless! So resuscitation is in
  progress. No web yet and not visible to the outside world, but I'm
  getting error messages.  LM

    [As of Thursday 5 May, we have moved all of the catless-based RISKS
    subscribers to the SRI distribution system.  CATLESS subscribers should
    be receiving this issue directly from SRI.COM.  Some of you will be very
    grateful when CATLESS once again becomes CATalogued as browsable.  PGN]

Dear Lindsay,

Thanks for the notice. Wow - that's a page turned, closing the NCL
redistribution of RISKS!

I hope that Peter will propose a vote of thanks by acclamation on behalf
of all UK based RISKS readers! I remember when you set this list up...
and transatlantic bandwidth was scarce. How the Internet has changed!
It's another world now.
Thanks so much and warmest regards,

  [Yes, ABSOLUTELY!  We are deeply indebted to Lindsay Marshall for his
  steadfast help in maintaining the official searchable RISKS repository.

Re: Update on the outage

Tue, 3 May 2016 14:18:56 -0700
This is good to know.

I was assuming that the repository went offline because of the "Man
accidentally 'deletes his entire company' with one line of bad code" story
from the Independent that was making the rounds about that time.

Schweitzer Engineering Laboratories, Pullman, WA  99163

Superb for Risks Readers - The Blame Game - BBC Radio 4

Lindsay Marshall <>
Wed, 4 May 2016 09:25:16 +0000
This was sent to me by Chris Cartledge:

>Every Risks reader sh/could read this:
>Kind Regards and Best Wishes
>Chris Cartledge
