The RISKS Digest
Volume 32 Issue 48

Friday, 5th February 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

The Cyberweapons Arms Race
Nicole Perlroth
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
geoff goodfellow
Killed by Google - the Google graveyard
Dan Jacobson
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
The Hacker News
NASA's space junk problem
Axios
AI Can Tell What Song You Are Listening to From Your Brainwaves
Matthew Sparkes
The iPhone's Face ID Will Soon Work With a Mask—if You Have an Apple Watch
WiReD
How Google Searches Reveal the Hidden Cost of Lockdown
U.Warwick
F-35's Buggy Software Prompts Pentagon to Call in Universities
Bloomberg
Ford cuts F-150 pickup truck production due to semiconductor chip shortage
CNBC
Amazon Netradyne Driver Information on Vimeo
Gabe Goldberg
The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks
NYTimes
A Vast Web of Vengeance
NYTimes
Will Australia ban VPNs?
Lauren Weinstein
Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be Inactive
DCist
Ballot-Marking Devices in Georgia
Andrew Appel
No Flash, no trains
Apple Daily
Re: The ‘Dumb Money’ Outfoxing Wall Street Titans
Henry Baker
Re: The Creeping Normalization of Robotic Police Officers
Amos Shapir
Re: An old arrest can follow you forever online…
Henry Baker
Re: Company name could lead to security xss attack?
Eli the Bearded
Re: The World Is Dangerously Dependent on Taiwan for Semiconductors
Dan Jacobson
Re: With Online Terms of Service, What Happens When You Click ‘Agree’?
Dan Jacobson
Re: The calculus really is complex
Anthony Thorn
Risk analysis and CoVID variants
Rob Slade
Novel of the Next World War
Jan Wolitzky
A new bio-inspired joint model to design robotic exoskeletons
Richard Stein
Series of security lectures
Rob Slade
Info on RISKS (comp.risks)

The Cyberweapons Arms Race (Nicole Perlroth)

Peter Neumann <neumann@csl.sri.com>
Fri, 5 Feb 2021 14:21:50 PST

Nicole Perlroth
This Is How They Tell Me the World Ends:
The Cyberweapons Arms Race
Bloomsbury, 2021

This book is “The untold story of the cyberweapons market—the most secretive, invisible, government-backed market on earth—and a terrifying first look at a new kind of global warfare.”

Nicole Perlroth's new book will be a treasure chest for many RISKS readers. Although it focuses on information warfare, it does so in the context of much deeper issues relating to computer security and privacy. It includes details of many topics that have appeared here—as well as in-depth coverage of many nevertheless RISKS-relevant items that have not. The title might seem a little presumptuous at first glance, but the book lives up to the title's expectations, and is right on the button (no pun intended). Indeed, considering its publication date (next Tuesday), it is amazingly up-to-date—including some recent events earlier this year. She has wisely used her role of pursuing these topics for The New York Times in recent years, and has written a far-reaching book that digs deeply into its sources. I'm sure it will inspire some considerable further discussion for those of you who read it.

Jill Lepore has written an outstanding four-page review: Zero Day: Hacking the Whole World, which appears in the current The New Yorker, 8 Feb 2021, pp. 55-58. I commend to you both Nicole Perlroth's book https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059 and Jill Lepore's analysis of it: https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way


Google uncovers new iOS security feature Apple quietly added after zero-day attacks

geoff goodfellow <geoff@iconia.com>
Sun, 31 Jan 2021 13:48:57 -1000

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.

Dubbed “BlastDoor,” the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems.

“One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages,” Groß said <https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html>. “Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.”

The development is a consequence of a zero-click exploit <https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html> that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year. […] https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html


Killed by Google - the Google graveyard

Dan Jacobson <jidanni@jidanni.org>
Sun, 31 Jan 2021 07:36:55 +0800

Hey kids, before you get started on that new Google API, check out: https://killedbygoogle.com/

Killed by Google is the Google graveyard; a free and open source list of discontinued Google services, products, devices, and apps. We aim to be a source of factual information about the history surrounding Google's dead projects.

Contributors from around the world help compile, research, and maintain the information about dying and dead Google products. You can join the discussion on GitHub, or follow us on Twitter. A project by Cody Ogden.

Press inquiries and other assorted death threats…


Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Thu, 4 Feb 2021 11:03:32 -1000

The second can be exploited without requiring Wi-Fi password, and the other allows exploitation of Wi-Fi client and full takeover.

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.

The six flaws were reported by researchers from Israeli IoT security firm Vdoo.

The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors. […] https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html


NASA's space junk problem (Axios)

geoff goodfellow <geoff@iconia.com>
Thu, 4 Feb 2021 11:05:56 -1000

NASA needs to do more to understand the risks posed to spacecraft by space junk and find new ways to mitigate the threat, according to a report last week from the Office of Inspector General. <https://oig.nasa.gov/docs/IG-21-011.pdf>

Why it matters: Some see space junk as an environmental crisis in orbit. <https://www.axios.com/space-looming-space-junk-environmentalism-cb3b0c15-1bb7-43fb-a1de-f9a6334d601e.html> Millions of pieces of space debris speed around Earth at more than 17,000 mph, putting spacecraft and sometimes people in harm's way.

Driving the news: The new OIG report suggests that while NASA has done a good job of deorbiting its own spacecraft and rocket bodies, many other nations haven't been as proactive, launching spacecraft and rockets that stay in orbit longer than the 25 years recommended.

The catch: Nations and private companies are working to find ways to effectively clean up space <https://www.axios.com/space-junk-satellite-janitors-bdf897f3-81ac-40b8-b949-a944bafbc4c9.html>, but those technologies are still early in development.

https://www.axios.com/nasa-protect-satellites-space-junk-89818dfe-1be3-48bc-8d79-811d93528b83.html


AI Can Tell What Song You Are Listening to From Your Brainwaves (Matthew Sparkes)

ACM TechNews <technews-editor@acm.org>
Mon, 1 Feb 2021 11:50:56 -0500 (EST)

Matthew Sparkes, New Scientist 26 Jan 2021, via ACM TechNews, 1 Feb 2021

Artificial intelligence (AI) developed by researchers at Delft University of Technology in the Netherlands can identify the songs a person is listening to by examining their brainwaves. The researchers used an electroencephalography (EEG) cap that detects the brain's electrical activity to record the brainwaves of 20 test subjects as they listened to 12 songs through headphones while blindfolded in a dimly lit room. The AI was trained using short segments of each person's EEG readings along with the matching music clip to identify patterns, and identified the songs with 85% accuracy in tests on unseen portions of the data. However, accuracy fell below 10% when the AI was trained on EEG data from one person and then sought to identify a song when a different person listened to it. Said Delft's Derek Lomas, music is “just voltage fluctuations. And it's the same with the EEG.” https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-293a4x227ec3x071236


The iPhone's Face ID Will Soon Work With a Mask—if You Have an Apple Watch (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Feb 2021 18:20:45 -0500

Recognizing you while your face is covered is still pretty tough for a computer.

Apple is facing our face-masked future. This week, the company started testing some new software for the iPhone that will let device owners unlock the handset while wearing a face covering. There's a catch, though, one that lines up with Apple's strategy of locking people in to different Apple products, and it highlights how challenging it can be to develop accurate facial recognition technology: The new face-unlock feature requires an Apple Watch.

The first developer beta of iOS 14.5 includes updates to app tracking controls and Siri alongside the face-mask function. App-makers typically get early access to the newest version of iOS in order to launch or retool their apps well in advance of the formal software release. (Brave souls who don't mind the risk of potentially bricking their iPhones can also enroll in public beta releases.) The fully baked version of the software is expected to be made available to the general public this spring.

https://www.wired.com/story/iphone-face-id-mask-ios-beta/


How Google Searches Reveal the Hidden Cost of Lockdown (U.Warwick)

ACM TechNews <technews-editor@acm.org>
Wed, 3 Feb 2021 12:09:23 -0500 (EST)

University of Warwick (UK), 27 Jan 2021 via ACM TechNews 3 Feb 2021

Researchers at the U.K.'s University of Warwick, Canada's University of Ottawa, and France's Paris School of Economics and Aix-Marseille University found that Google Trends data from 10 countries across Europe and the U.S. between January 2019 and April 2020 demonstrated the impact of pandemic lockdowns on mental health. The researchers observed a sharp increase in the number of people searching on Google for terms related to boredom, loneliness, and worry at the beginning of the first lockdown. Said the University of Warwick's Nick Powdthavee, “Our findings indicate that people's mental health may have been severely affected by the pandemic and lockdown.” Powdthavee added, “It may be necessary to make sure support is provided to help those struggling most with lockdown.”

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806bx068373&


F-35's Buggy Software Prompts Pentagon to Call in Universities (Bloomberg)

ACM TechNews <technews-editor@acm.org>
Wed, 3 Feb 2021 12:09:23 -0500 (EST)

Anthony Capaccio, Bloomberg, 2 Feb 2021 via ACM TechNews 3 Feb 2021

The Pentagon is consulting with U.S. universities to evaluate software on aerospace company Lockheed Martin's F-35 fighter jet, in the hope of correcting the buggy system. The F-35 program's Laura Seal said software experts at the Johns Hopkins University Applied Physics Laboratory, the Carnegie Mellon University Software Engineering Institute, and the Georgia Institute of Technology Research Institute are conducting an independent technical assessment. The $398-billion F-35 program involves Lockheed fighter jets equipped with more than 8 million lines of code each. Seal said the program office will analyze the assessment as part of “a broad range of information,” then announce dates for program milestones, including simulated combat testing to rate the F-35's performance against the latest Russian and Chinese aircraft and air defenses.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806cx068373&


Ford cuts F-150 pickup truck production due to semiconductor chip shortage (CNBC)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Feb 2021 16:03:33 -0500

https://www.cnbc.com/2021/02/04/ford-forced-to-cut-pickup-production-due-to-semiconductor-shortage-.html


Amazon Netradyne Driver Information on Vimeo

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Feb 2021 20:58:11 -0500

https://vimeo.com/504570835/e80ee265bc

Snoopervision. As if driving/delivering isn't already stressful.


The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Feb 2021 00:24:43 -0500

432 Park, one of the wealthiest addresses in the world, faces some significant design problems, and other luxury high-rises may share its fate.

The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks https://www.nytimes.com/2021/02/03/realestate/luxury-high-rise-432-park.html


A Vast Web of Vengeance (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Feb 2021 00:27:08 -0500

Outrageous lies destroyed Guy Babcock's online reputation. When he went hunting for their source, what he discovered was worse than he could have imagined.

Author writes:

Ms. Atas's victims spent years begging Google, Pinterest and WordPress to take down the slanderous posts or at least make them harder to find. The companies rarely did so, until I contacted them to request comment for this article. Pinterest then removed photos linked to Ms. Atas. Automattic, which owns WordPress, deleted her blogs.

A Vast Web of Vengeance https://www.nytimes.com/2021/01/30/technology/change-my-google-results.html


Will Australia ban VPNs?

Lauren Weinstein <lauren@vortex.com>
Thu, 4 Feb 2021 09:32:15 -0800

Thought Experiment: Will the Australian government try to “do a China” and ban VPNs, when Aussies start using VPNs to access Google, if Google pulls out of Oz in justified response to the government there behaving like idiots who don't understand how the Internet works?


Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be Inactive (DCist)

Gabe Goldberg <gabe@gabegold.com>
Tue, 2 Feb 2021 19:32:20 -0500

The commonwealth is one of two states (New Hampshire is the other) that deactivates drivers' passes and closes their accounts after a year of inactivity. This is due to the requirements of the state's unclaimed property regulations. With routines upended, many commuters would likely see their passes approach expiration come mid-March.

But now, drivers have until the summer to avoid losing their pass's functionality. The Virginia Treasury Department has given the Virginia Department of Transportation (VDOT) a one-time, six-month moratorium on the deactivation rule because of the pandemic.

https://dcist.com/story/21/02/02/virginias-e-z-pass-has-one-odd-rule-you-need-to-know/

Deactivate account, forfeit account balance, get sudden no-plate toll bill. Brilliant.


Ballot-Marking Devices in Georgia (Andrew Appel)

Peter Neumann <neumann@csl.sri.com>
Mon, 1 Feb 2021 13:16:59 PST

https://freedom-to-tinker.com/2021/02/01/georgias-election-certification-avoided-an-even-worse-nightmare-thats-just-waiting-to-happen-next-time/


No Flash, no trains

“Clive D.W. Feather” <clive@davros.org>
Sat, 30 Jan 2021 17:06:05 +0000

When Flash stopped working at the start of the year, it wasn't just online games that were affected. It turns out that a railway in China was running its systems using Flash.

Their solution? To install a pirated version.

https://hk.appledaily.com/news/20210117/FLXATT4LKVBGVEBRLAECJPTCHM/
https://jalopnik.com/any-1846109630


Re: The ‘Dumb Money’ Outfoxing Wall Street Titans (NYTimes)

Henry Baker <hbaker1@pipeline.com>
Fri, 29 Jan 2021 13:58:00 -0800

There is a serious problem with the regulation of short selling, which has been going on for most of my 70+ years: you're not allowed to sell short shares that you haven't borrowed. This keeps the total number of shares shorted at less than the total number of shares in the public market (the “float”).

However, some of the companies mentioned in these articles have had total shorted shares substantially greater than the total number of shares in the company, which proves that someone (actually, a large # of someone's) have been illegally rigging the system.

The SEC claims to be looking into this whole situation, but I'm not holding my breath waiting for any fines or jail sentences.


Re: The Creeping Normalization of Robotic Police Officers (RISKS-32.47)

Amos Shapir <amos083@gmail.com>
Sat, 30 Jan 2021 18:43:48 +0200

This is not the future, it's the present. This might already happen with current surveillance cameras and face-recognition software, no need for robocops patrolling the streets.

If that happens to anyone, they'd better keep themselves under house arrest, because this situation might happen again each time they step out — until someone takes care to update the algorithms.


Re: An old arrest can follow you forever online… (RISKS-32.47)

Henry Baker <hbaker1@pipeline.com>
Sat, 30 Jan 2021 18:20:25 -0800

What's good for the goose is good for the gander: Steve Bannon, Roger Stone, Rod Blagojevich, Tony Levandowski, Paul Manafort, Michael Flynn, Joe Arpaio, etc. will all want the same treatment.

The phony “right to be forgotten” has to have some limits—e.g., shouldn't those who run for office be required to disclose any legal troubles?

What happens if someone runs for office and loses? Does the Internet now have to scrub itself of any of these disclosures made while they ran?

The silly thing is that anyone who really cares—e.g., a potential employer, a bank, an insurance company, etc., can easily find out all these things w/o any hindrance from The Boston Globe.

Only you, as a woman attending a first date, won't be able to Google about your upcoming date without paying a hefty sum.


Re: Company name could lead to security xss attack? (Levine, RISKS-32.47)

Eli the Bearded <*@eli.users.panix.com>
Tue, 2 Feb 2021 17:08:01 -0500 (EST)

More recently the (now ex-)commissioner of the Department of Building Inspection (DBI) in San Francisco, Rodrigo Santos was regularly pocketing checks made out to DBI and changing the payee to RODBIGO SANTOS to cash them. The FBI published an example of such late last year.

https://missionlocal.org/2020/09/rodrigo-santos-dbi/

I have to suspect automated check processing made this easier, as humans would likely scrutinize the change in handwriting better. The payers might not have looked closely so long as they got their building permits. Unfortunately for Rodrigo Santos, the computers also keep copies of the checks for police to subpoena.


Re: The World Is Dangerously Dependent on Taiwan for Semiconductors (Bloomberg)

Dan Jacobson <jidanni@jidanni.org>
Sun, 31 Jan 2021 12:44:23 +0800

And, we got the chips. So, World, how about some vaccines?

https://www.qatar-tribune.com/news-details/id/206745/taiwan-to-germany-can-we-trade-semiconductor-chips-for-vaccine-
https://focustaiwan.tw/politics/202101290021
https://www.taiwannews.com.tw/en/news/4113126


Re: With Online Terms of Service, What Happens When You Click ‘Agree’? (The New York Times)

Dan Jacobson <jidanni@jidanni.org>
Sun, 31 Jan 2021 12:07:45 +0800

And what happens when you try sending an email to one of those addresses in those Terms of Service?

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
legal@godaddy.com

Re: The calculus really is complex (RISKS-32.46)

Anthony Thorn <anthony.thorn@atss.ch>
Sat, 30 Jan 2021 11:34:37 +0100

I was of the same opinion as WOL along the lines that IF the first dose of the Pfizer/Biontech vaccine provides 60% protection (for twice as many people) and 100% protection against serious illness, it's a no-brainer from the epidemiological standpoint - if not for those individuals who would otherwise receive their second dose after 3 weeks.

However Dr Fauci's statement that providing 60% protection to a large population would/could select for mutations with immunity to the vaccine adds a new level of complexity.

https://www.businessinsider.com/fauci-coronavirus-variant-mutation-2nd-vaccine-dose-covid-2021-1

Fauci, speaking on a virtual World Economic Forum panel:

“You don't get full efficacy until you get the second dose, and if you allow suboptimal efficacy, you can actually immunologically select for mutations,”

But England's chief medical officer Professor Chris Whitty:

a “real worry but quite a small real worry”.
https://news.sky.com/story/covid-19-extending-gap-between-coronavirus-jab-doses-creates-small-risk-of-escaped-mutant-variant-whitty-12180180

I do not envy the politicians or even the scientific advisors their responsibility.


Risk analysis and CoVID variants

Rob Slade <rslade@gmail.com>
Tue, 2 Feb 2021 09:35:47 -0800

Right now, people are in a major panic about CoVID variants. B1.1.7 (aka UK), B1.351 (aka South Africa), CAL20C, and at least one from Brazil. By the time you read this, there will likely be others.

CoVID is a really classic example of risk because so much probability is involved. As Donn Parker has famously said, there is no risk of encountering malware because, in the current computing environment there is no probability of encountering malware: it's a certainty. Almost none of the CoVID risk is binary. If you leave your house, you don't necessarily immediately get CoVID, it just increases the probability of your risk of getting infected. If you fail to wash your hands, you don't immediately get CoVID, it just increases the probability of your risk of getting infected. If you stand less than two metres away from someone, you don't immediately get CoVID, it just increases the probability of your risk of getting infected. If you don't wear a mask when you go out, you don't immediately get CoVID, it just increases the probability of your risk of getting infected.

And, if you do get infected, there is probability involved again. You may never show any symptoms. Or you may have something like a mild case of the flu. Or you may die. Or you may just become really, really sick, and, for a month or so, wish you would die. Or you may become one of the long-haulers with some weird respiratory or neurological deficit that never goes away. It's a fairly random outcome, as far as we can tell at the moment.

But there's more probability involved, and almost nobody is talking about it. Each time the virus reproduces, there is a chance of an error. Those errors become mutations. Most of the time, the mutation simply fails. The error causes the virus to fail to reproduce, or sometimes to fall apart. (Those mutations just disappear.) Sometimes the error doesn't really change much of anything, and it just makes it possible for us humans to do full genome sequencing and figure out where this particular case of CoVID came from. But sometimes, say once in 85.4 trillion times, the error produces something that will make the virus work slightly better than it did before. It may bind more tightly to human cells, or hide a bit better from antibodies. It'll be more successful.

A more successful virus will tend to have an advantage, and will therefore sort of take over the niche that the viruses are trying to occupy, just like any other evolutionary population dynamics. If the new mutation is more successful because it infects faster or easier, then the variant will spread faster, and the new variant will be more infectious than the old variant, thus increasing the reproductive number and increasing the number of cases per day. But that's ironic, because each new case provides more opportunity for mutation. Each time the virus reproduces there is room for that error, and so each and every new case means a greater risk of more variants.

Which means that every time you go out when you don't need to, or fail to wash your hands, or fail to distance, or fail to wear a mask, you not only risk getting infected, or giving the infection to your friends and family, or increasing the spread in your neighbour, but you also risk making a new variant, each one closer to the ultimate aim of the viruses to become something that infects everyone it contacts immediately, spreads via tiny aerosols that go right through filters, completely spreads through the entire organism, and then sits and does nothing and produces no detectable symptoms until a month after infection when it kills everyone.

Now, lest you think that is too dark a thought in regard to virus variants, note that, right now, even with the variants that we have encountered, we do know how to deal with them. We need to do exactly what we have been told all along, only more so. Stay home if you can. Wash your hands. If you need to go out, keep your distance. If you need to go out, wear a mask. Don't go to parties. Don't hold parties. No, not even SuperBowl parties. Don't merge bubbles. This is not rocket science. And it works.


Novel of the Next World War

Jan Wolitzky <jan.wolitzky@gmail.com>
Tue, 2 Feb 2021 19:53:09 -0500

Wired magazine is publishing a 6-part, serialized novel, by Elliot Ackerman and Admiral James Stavridis, about a near-future war between the U.S. and China that turns on innovations in artificial intelligence, quantum computing, and cyberweapons.

<https://www.wired.com/story/2034-novel-next-world-war-editors-letter/>


A new bio-inspired joint model to design robotic exoskeletons (Techxplore.com)

Richard Stein <rmstein@ieee.org>
Wed, 3 Feb 2021 20:59:24 +0800

https://techxplore.com/news/2021-02-bio-inspired-joint-robotic-exoskeletons.html

“Recent advances in the field of robotics have enabled the fabrication of increasingly sophisticated robotic limbs and exoskeletons. Robotic exoskeletons are essentially wearable ‘shells’ made of different robotic parts. Exoskeletons can improve the strength, capabilities and stability of users, helping them to tackle heavy physical tasks with less effort or aiding their rehabilitation after accidents.”

A fascinating field ripe for innovation. No ready means to determine the deployed product population. See some exoskeleton models: https://www.digitaltrends.com/cool-tech/robot-exosuit-roundup/

These systems can enable a paraplegic to ambulate. However, the limb motion control systems can injure human anatomy.

The FDA's TPLC platform lists one product code, PHL, that categorizes regulations for powered exoskeletons, specifically “powered lower extremity exoskeleton.”

See https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=3931&min_report_year=2016. There are 20 medical device reports listed between 2016-2020. The key patient problem reported is bone fracture.

The top-10 device problems attributed to the MDRs, in CSV format:

Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,6,6
Human-Device Interface Problem,5,5
Insufficient Information,2,2
Fracture,2,2
Component Missing,1,1
Break,1,1
Crack,1,1
Appropriate Term/Code Not Available,1,1
"Noise, Audible",1,1
Detachment Of Device Component,1,1

The top-10 patient problems, attributed to the MDRs, in CSV format:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
Bone Fracture(s),14,14
Swelling,5,5
Bruise/Contusion,2,2
Edema,1,1
Head Injury,1,1
Joint Swelling,1,1
No Code Available,1,1
No Consequences Or Impact To Patient,1,1
Spinal Cord Injury,1,1
No Known Impact Or Consequence To Patient,1,1

Series of security lectures

Rob Slade <rslade@gmail.com>
Mon, 1 Feb 2021 08:43:47 -0800

Oh, my brothers and only friends:

I have been presented with an opportunity to give a whole series of presentations to a non-security group. We, as security people, always complain that nobody in tech ever wants to listen to us, so I am not about to turn down an opportunity for an eight-month gig to evangelize our non-security brethren.

VanTUG ( http://vantug.com/ ) started life as a Microsoft user group, so they want me to use Microsoft Teams, which I never have. I am still learning. Some things I like, and some I don't. The VanTUG President has told me that they are willing to have non-members attend the “meetings”/lectures, or to join the group. There is no charge for either membership or attendance. You can join the VanTUG “Team” at https://teams.microsoft.com/join/r7slh6566c60. It is not necessary to join in order to attend the “meetings”/lectures, but joining gets you announcements about the meetings. Or you can view the postings I'm making at https://community.isc2.org/t5/C/V/m-p/42919 or follow my Twitter feed at https://twitter.com/rslade

The first of these presentations is going to be on this Tuesday, February 2nd, and the first and third Tuesdays of the month thereafter, currently slated to run until September. The meetings are from 7 pm to 8:30 pm ET: Vancouver). A (rough) list of topics can be found at the posting at https://community.isc2.org/t5/C/V/m-p/42919

The link for the first “meeting” is: https://teams.microsoft.com/l/meetup-join/19:meeting_MGNlNjNhMGItNzVjNC00NDk3LThmNDUtNDE3MjZlN2RmOTVh@thread.v2/0?context={"Tid":"8d3d8493-09a7-43f8-97e6-9423036fdf31","Oid":"055a3565-22c2-4d78-a9f2-e72f723df6ef"} It might be easier to get it off the posting at https://community.isc2.org/t5/C/V/m-p/42919 or my Twitter feed at https://twitter.com/rslade

So, if you are interested, or if you want to see “Teams” in action, or if you have any non-security friends that you want to be evangelized into security, or want to attend and heckle me when I make a mistake in what I tell them …
