Motherboard feed for https://motherboard.vice.comenMon, 12 Nov 2018 21:31:03 +0000<![CDATA[Sons of the Pre-Apocalypse]]>, 12 Nov 2018 21:31:03 +0000My second son was born last week, right before two historic wildfires hit his new home state and burned whole cities to the ground. One burned about thirty miles west of the hospital he was born in, thickening the air with smoke, turning the sun deep red—we marked his first week anniversary by watching ash fall from the sky into our front yard. The other burned an hour and a half's drive north of where I grew up, of where my parents live, and reduced a town of thirty thousand people to embers so fast that the highway was left littered with abandoned and charred cars attempting escape, and dozens dead.

Thanks to our justified eschatology fetish, these scenes inevitably get described as "apocalyptic," present or post-. By that count, my son was born into pre-apocalyptic times, but only just. By plenty other counts, too.

Naturally, my wife and I have been struggling with how to process the highs and lows of a week that began with a beautiful natural childbirth—surrounded by family and friends, elated by the arrival of a pure new human, and wonderful nurses, techs, and doctors, working diligently and thoughtfully to deliver and protect new life—and ended with a total inferno and mass evacuations outside our city, in a place we do afternoon hikes. It was confusing.

As a new father who is also a Californian and on Twitter too much, how should I reconcile the swirling images that dominate a week like that?


The questions pretty much ask themselves ('How can we raise kids in a world like this?', mostly), and it's hard not to think about that months-old UN climate report that concluded we basically have a decade to act before all this spirals out of control.

No one wants to deliver a child into the onset of an apocalypse, but at least it's not certain yet whether these days just feel like the beginning of the end, or are. The end of something, anyway. What *is* certain: The fires burn worse every year. The climate is changing—the science has been crystal for so, so long—but you'd have to be worse than a dope to live in California and not just feel it intuitively now. The droughts are longer, the temperatures higher, the snowmelt lessened, the brush drier, the fires likelier, bigger, and better fueled.

To me, and I imagine many Californians, the wildfires used to be something that'd seem to hit once or twice a year, in distant wilderness, or occasionally too near a subdivision, where they might claim some unfortunate houses built in the wrong place at the wrong time. Now they are an omnipresent existential threat. The two biggest fires in the state's history were both in the last two years. Ultra-wealthy Malibu is burning. Rural, retirement community-laden Paradise is burning. Santa Rosa burned. Ventura burned. It's all burning.

Meanwhile, my newborn took his first nap on my chest, held his head up improbably, and smiled in his sleep.

Isn't it a common sign of apocalyptic times that the leaders presiding over them are only interested in themselves, and in consolidating power by fanning fast-sprouting resentments, exploiting tragedy? The US president, a denier of climate change, couldn't bother to even extend his sympathies to our besieged state, babbling some brain leakage about "bad forest management." And the congressman who was just reelected to represent the CA district home to smoldering Paradise "doesn't buy" that climate change is real. It all seems so bad.

As if it's not enough that we're facing existential threats on multiple fronts, on a nearly incomprehensible scale, it was another reminder that so many of the people with the power to address it still don't even believe in the catastrophe that is very clearly unfolding before all our eyes. This was always stupid, but when you're closing the doors to your house so your 5-day-old doesn't breathe in ash and wildfire smoke in the middle of one of the nation's biggest cities, it seems criminal. Through it all, the newborn is peaceful, unfussy, and happy spending hours in his little mechanized swing between nursing.

Throughout the week, I thought about the night Trump was elected, when my wife and I sat dumbly awake, wracked into the early hours of the morning. The question came up, as I imagine it did for many, like one of those triangular rubbers to the knee: So do we move or something now? Our first son was months old then, and I joked at the time that no, the rebellion against five-term Emperor Trump was going to need good people.

It wasn't really funny then, but it's probably more true now. Climate change-acknowledging Democrats took back the House, but power is still bent on denial. And so much of the country is waving the flag for the deniers.

So it is certain that my kids are going to come of age in a world that is rapidly warming and rapidly changing—that is literally more on fire—but also in a country that in a given year may or may not be governed by politicians in stark denial of those changes. When I started covering climate change ten years ago, the GOP candidate for president had a climate plan—now, the notion that that we all, Democrats and Republicans alike, might unite to inadequately address global warming with market-based solutions seems like a hopeless utopian dream.

But I'm not writing all this because I'm despairing or fuming, though both are part of the mix. I'm writing this for a maybe cheesily optimistic reason, but I will take cheesily optimistic and I will cling to it with a bloody deathgrip right now.

Last night, my firstborn son was sitting in his high chair, the little one was swinging quietly in that chair at our feet, and a Daft Punk song came on the stereo. The two-year-old, who was eating pasta noodles, abruptly started dancing in his chair so excitedly he couldn't land his fork on the noodles (he was still trying to eat, of course). He looked at me and my wife, expecting us to dance in our chairs, too, because obviously why would anyone not be dancing when Daft Punk comes on when you are eating spaghetti. We did, because you always do what the two-year-old wants in situations like this. We danced, and the baby swung contentedly in his swing. It was one of those perfect moments they say having a family is all about ('they' being me, a person who has seen the Steve Martin movie Parenthood.)

I had this feeling, this dumb, perfect feeling, that lasted until later in the night, when it occurred to me that the scene might have helped me locate where hope might spring. Nearly everyone has had that moment, whether we remember it or not, and probably lots of them, when we were nothing but conduits of joy and goodness and also wanted nothing more than to share that with someone else. Who fucking cares if we were two, or three, or five or eight. We were human, and we were capable of that. There is a way, lodged somewhere deep down there, beneath our cantilevered structures of long-encrusted ideologies, to relate a base capacity for joy and goodwill.

It made me think of that line Anne Frank wrote that still to this day destroys me if I linger on it too long, about how in spite of everything, she still believes people are basically good at heart. I believe that too, even if I also believe a few of them that hold the most power are too far gone. But many who admire them are not.

My sons are going to live in cities on fire, in nations led by men who don't care, and they are going to have to learn to help tackle the problem, as we are. If I can in any way help them tap into that capacity that I felt last night, if they can help me, and if others can—and if that relation can help topple power in denial—then maybe we can sustain this pre-apocalypse, whether it takes another blue wave or nine, a political revolution, mass psilocybin hallucinations, or something else. If we can relate that goodness where applicable and confront power whenever possible, my sons may not have to live their adult lives in omnipresent fear of fires.

People are basically good, power corrupts but is not de-corruptible, and there is a lot of work to do.

At least, that's what gave me hope that week as I watched the world burn, literally and figuratively, but mostly literally, as my beautiful new ward eked out his being amongst the smoke.

nepbnzBrian MerchantBrian Merchantclimate changewildfiresfatherhoodFatherboardMalibu Wildfires
<![CDATA[Physicist Wins $3 Million Prize for Discovering Pulsars, Donates it All to Promoting Diversity in STEM]]>, 12 Nov 2018 19:45:02 +0000 How tall are you? How many boyfriends do you have? Would you describe your hair as brunette or blonde?

While addressing a room of physicists at the Perimeter Institute for Theoretical Physics in Waterloo, Ontario, last month, Dame Jocelyn Bell Burnell recalled the questions journalists asked her in 1967 in response to her groundbreaking discovery of pulsars, rotating neutron stars marked by their distinct pulsating nature. Questions relating to “the astrophysical significance” of the discovery, meanwhile, were reserved for her thesis adviser, Antony Hewish, according to Burnell.

Seven years later, Hewish was awarded the 1974 Nobel Prize in Physics for the discovery of pulsars. Controversially, Burnell was omitted, despite her role as co-author on the paper and as the first to detect their existence.

Burnell herself does not begrudge the Nobel omission, however, and has said many times since that she “believe[s] it would demean Nobel Prizes if they were awarded to research students, except in very exceptional cases, and I do not believe this is one of them.”

Last week, 51 years after her initial discovery, Bell’s contributions were recognized as she accepted the 2018 Special Breakthrough Prize in Physics and a $3 million check, the largest cash prize awarded across academia and twice the amount awarded for a Nobel.

The award ceremony, held at the NASA Ames Research Center in Silicon Valley, more closely resembled the Oscars than a science summit, with a celebrity-studded audience and musical performances by Lionel Richie and GEM.

On stage, Bell committed to donate the $3 million in full to the Institute of Physics (IoP), a London-based scientific charity that works to advance physics education, research and application, where she previously served as president.

Read More: Recent Nobel Prize Winner Is 'Profoundly Sorry' for 'Degrading' Video of Women

She and the current president of the IoP are working together to develop a new program that “opens doors to physics for people from every walk of life” by funding scholarships for underrepresented groups. Bell, who claims to have battled “imposter syndrome” at many points in her scientific career, believes the program will ensure that access to science for diverse groups remains “at the very top of the science community’s agenda.”

While generous, her donation is not altogether surprising to Dr. Ayse Turak, an associate professor of engineering physics at McMaster University in Ontario, Canada. “The joy of being a professor is watching students grow into scientists, and I’m sure Dr. Burnell would agree,” Turak told me over the phone. “In that way, I’m not surprised that she chose to make this donation, because ultimately that’s what our job is. It’s our job to nurture the next generation of scientists. The marker of a true scientist is not only that they aspire for impact, but also the impact of others. Science is a collaboration.”

While the recognition may have come late for Burnell, she’s in good company this year. The Perimeter Institute crowd gave a standing ovation for another note-worthy attendee, Donna Strickland.Strickland was awarded the 2018 Nobel in Physics for the invention of chirped pulse amplification, a technique to manipulate lasers that has led to the development of a wide array of powerful laser-based tools, including those used for corrective eye surgery, drilling, and data storage.

Strickland is the first female to earn the distinction in over half a century, and one of only three women total, along with Maria Goeppert-Mayer and Marie Curie.

Like Burnell, Strickland was a graduate student when the discovery was made, which signals a potential shift in academia’s perception of the value of graduate contributions made possible in part by Burnell’s legacy.

The image of the two sitting side-by-side was a strong visual representation of diversity in the field of science. In commemorate, the Perimeter Institute used the opportunity to unveil portraits of Strickland and Burnell, alongside eight other female scientists, in a free digital series called Forces of Nature: Great Women Who Changed Science.

Donna Strickland, left, and Jocelyn Bell Burnell posters
Donna Strickland, left, and Jocelyn Bell Burnell, right, are featured in the Perimeter Institute's Forces of Nature Poster Series. Image: The Perimeter Institute

Dr. Melinda Han Williams, who holds a PhD in applied physics from Columbia University, believes public recognition for Burnell and Strickland will have a big impact. “I did not have any mentors that looked like me in school. Now that I have a toddler, I think often about how the classic image of a scientist is often Einstein, which is too narrow. There is a lot of value in having prizes [like the Breakthrough Prize] and sharing stories so new role models are created.”

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.

9k4y5zNatalie FrattoNatasha GrzincicEmanuel MaibergSciencephysicsnobel prizeSTEMBreakthrough Prizeperimeter institutesexism in scienceJocelyn Bell Burnell
<![CDATA[Shady Data Brokers Are Selling Online Dating Profiles by the Millions]]>, 12 Nov 2018 19:05:19 +0000If I’m signing up for a dating website, I usually just smash the “I agree” button on the site’s terms of service and jump right into uploading some of the most sensitive, private information about myself to the company’s servers: my location, appearance, occupation, hobbies, interests, sexual preferences, and photos. Tons more data is collected when I start filling out quizzes and surveys intended to find my match.

Because I agreed to the legal jargon that gets me into the website, all of that data is up for sale—potentially through a sort of gray market for dating profiles.

These sales aren’t happening on the deep web, but right out in the open. Anyone can purchase a batch of profiles from a data broker and immediately have access to the names, contact information, identifying traits, and photos of millions of real individuals.

Berlin-based NGO Tactical Tech collaborated with artist and researcher Joana Moll to uncover these practices in the online dating world. In a recent project titled “The Dating Brokers: An autopsy of online love,” the team set up an online “auction” to visualize how our lives are auctioned away by shady brokers.

In May 2017, Moll and Tactical Tech purchased one million dating profiles from the data broker website USDate, for around $153. The profiles came from numerous dating sites including Match, Tinder, Plenty of Fish, and OkCupid. For that relatively small sum, they gained access to huge swaths of information. The datasets included usernames, email addresses, gender, age, sexual orientation, interests, profession, as well as detailed physical and personality traits and five million photos.

USDate claims on its website that the profiles it’s selling are “genuine and that the profiles were created and belong to real people actively dating today and looking for partners.”

In 2012, Observer uncovered how data brokers sell real people’s dating profiles in “packs,” parceled out by factors such as nationality, sexual preference, or age. They were able to contact some of the people in the datasets and verified that they were real. And in 2013, a BBC investigation revealed that USDate in particular was helping dating services stock user bases with fake profiles alongside real people.

I asked Moll how she knew whether the profiles she obtained were real people or fakes, and she said it’s hard to tell unless you know the people personally—it’s likely a mixture of real information and spoofed profiles, she said. The team was able to match some of the profiles in the database to active accounts on Plenty of Fish.

How sites use all of this data is multi-layered. One use is to prepopulate their services in order to attract new subscribers. Another way the data is used, according to Moll, is similar to how most websites that collect your data use it: The dating app companies are looking at what else you do online, how much you use the apps, what device you’re using, and reading your language patterns to serve you ads or keep you using the app longer.

“It’s massive, it’s just massive,” Moll said in a Skype conversation..

Moll told me that she tried asking OkCupid to hand over what they have on her and erase her data from their servers. The process involved handing over even more sensitive data than ever, she said. To confirm her identity, Moll said that the company asked her to send a photo of her passport.

“It’s difficult because it’s almost like technologically impossible to erase yourself from the internet, you’re info is on so many servers,” she said. “You never know, right? You can’t trust them.”

I’ve reached out to USDate, Plenty of Fish, Tinder, OkCupid and Match for comment and will update if I hear back.

Most of the dating app companies that Moll contacted to comment on the practice of selling users’ data to third parties didn’t respond, she said. USDate did speak with her, and told her it was completely legal. In the company’s frequently asked questions section on its website, it states that it sells “100% legal dating profiles as we have permission from the owners. Selling fake profiles is illegal because generated fake profiles use real people’s photos without their permission.”

The goal of this project, Moll said, isn’t to place blame on individuals for not understanding how their data is used, but to reveal the economics and business models behind what we do every day online. She believes that we’re engaging in free, exploitative labor every day, and that companies are trading in our privacy.

“You can fight, but If you don’t know how and against what it’s hard to do it.”

59vbp5Samantha ColeJordan PearsonTinderdataDating Appsmatchdata privacyusdate
<![CDATA[The Best Video Game DRM in the Business Is Getting Cracked Before Games Even Launch]]>, 12 Nov 2018 19:01:22 +0000 Developers selling their games on the PC face a perennial problem: hackers cracking the copy protection on their games and their sales getting eaten away by pirates taking the game for free. It's a problem that sends many developers hunting after better and better solutions for "digital rights management," or DRM, which basically tries to make sure that only people who pay for a game are allowed to play it.

Since Denuvo launched in 2014, it has maintained a status as the most crack-resistant and most widely used third-party DRM solution by large developers and publishers. Recent large games that use Denuvo include Battlefield V, Hitman 2, Assassin's Creed: Odyssey, Madden 19, and Far Cry 5. Denuvo's effectiveness seems to be waning, however: yesterday, a partial crack for Hitman 2 was posted by an anti-DRM group a full three days before its official launch. Motherboard was able to confirm that pirated copies of Hitman 2 are being distributed on Pirate Bay. According to users on Reddit, the crack currently allows the game to be launched and for pirates to play the prologue level for Hitman 1, the 2016 entry for the Hitman series. With full Denuvo protection, pirates shouldn't be able to launch Hitman 2 at all.

Denuvo's makers knows better than anyone that nothing is hack-proof. Instead, their stated strategy is to simply delay the hack. Like movies banking on money from a big opening night, video game releases make most of their money in the first 14 days from eager fans ready to play full price for the latest and greatest games.

"The most critical part of the release cycle is the first 14 days as the majority of activations occur during this period," Irdeto, the company that purchased Denuvo early in 2018, wrote in a press release just last week. "For highly anticipated titles, this could include up to 80% of sales, 50% of which are within the first four days."

Denuvo maintains that if its protection can just last during the initial blast of publicity and cultural relevance, developers will have gotten money back on their investment with Denuvo. That value proposition has gotten a little shakier in the last few months, though. Central hubs of game piracy like reddit and Pirate Bay were completely stumped by Denuvo through 2014 and 2015, but now it's common for games like Soulcalibur 6 and Football Manager 2019 to reportedly get cracked within those all-important first four days.

To be fair to Denuvo, this problem may be partially of Hitman 2's own making. Developer IO Interactive sold a special edition that released to select high-spending customers on Friday, five days before the wide release. The cracked version was posted by a group of game crackers calling themselves FCKDRM; they use the same name and logo as FCKDRM, an anti-DRM advocacy group founded by DRM-free online store, but GOG isn't involved in game cracking. Because cracks are usually posted a few days after a game launches, in this case it's likely that the game crackers used a copy of the special edition to crack the game, leading to this embarrassing security break before the official release.

Denuvo did not immediately respond to a request for comment.

3k9qnwIan BirnbaumEmanuel MaibergGamingcracksDenuvoHitman 2
<![CDATA[The First Trailer for 'Pokémon: Detective Pikachu' Is Here and It Looks Incredible]]>, 12 Nov 2018 18:13:33 +0000The first trailer for the upcoming live action Pokémon movie Pokémon: Detective Pikachu is here and I’ve never gone from not caring about a movie to absolutely needing to see it so fast in my whole life.

The movie stars Ryan Reynolds, who voices an adorable Pikachu in a detective hat that can communicate with its human pal Tim Goodman, portrayed by Justice Smith. Everyone else in the movie’s world hears the typical squeaky “pika pika” out of Pikachu, but Goodman hears Reynold’s dulcet tones.

In the 2016 game that the movie is adapted from, the pair team up to solve the mystery of Goodman’s missing father, but I don’t care about that right now, because I’m so taken with the visuals. I never thought I’d want a Pokémon movie to strike a dark tone, but Pokémon: Detective Pikachu looks a little gritty in a way that makes everything look strangely realistic. The scales on Charizard, the hair on Pikachu, and the flesh of Mr. Mime all pop to life on the screen in a way that’s both amazing and, according to some, disturbing. This is a world that looks like something out of Blade Runner and, honestly, it’s perfect.

If we’re very lucky, Pokémon: Detective Pikachu could be another Who Framed Roger Rabbit.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.

qvq8pwMatthew GaultJordan PearsonPokemondetective pikachu trailerpokemon detective pikachudetective pikachu moviedetective pikachu creepypokemon movie
<![CDATA[Dozens of Cat Mummies Found in 4,500-Year-Old Egyptian Tombs]]>, 12 Nov 2018 17:06:07 +0000 Over the weekend, archeologists unveiled dozens of cat mummies and 100 feline sculptures found in 4,500-year-old tombs at Saqqara, an ancient Egyptian necropolis south of Cairo. The exciting find reiterates that the human compulsion to worship our kitty companions predates the likes of Maro and Lil BUB by several millennia.

The ritual sacrifice, mummification, and burial of cats was extremely common for thousands of years in ancient Egypt, and the animals were bred for this specific purpose. These sacrificed kitties were likely a mass offering to the cat goddess Bastet. A bronze statue dedicated to Bastet was recovered with the mummified cats, along with a multitude of wooden gilded feline figurines.

Exterior of King Userkaf pyramid complex. Image: Neithsabes

Over the coming weeks, the Saqqara expedition plans to open other tombs at this complex that appear to have remained completely undisturbed since the Fifth Dynasty.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.

kzv8qxBecky FerreiraJason KoeblersacrificecatsTombsMummiesancient egyptrapyramidnecropolisantiquitiesarcheologistmummificationAncient EgyptianssarcophagusSaqqara
<![CDATA[Watch These Robots Dominate a Water Bottle-Flipping Competition]]>, 12 Nov 2018 16:13:56 +0000 When they’re not making DIY devices to measure bong hits or suing the US government over climate change, bored teens may also be found studying fluid dynamics and angular momentum—a pastime better known as “bottle flipping.”

Bottle flipping—tossing a water bottle so that it spins and lands upright—became an international phenomenon after a video of a high schooler flipping water bottles at a talent show went viral in 2016. Not only did the artform get banned at some schools for being a nuisance, but it also attracted the attention of scientists who were interested in the complex physics behind bottle flipping.

Last week, student competitors at Japan’s RoboCon, a national high school robotics contest, brought bottle flipping into the future with a suite of homemade robots that have mastered the art of tossing water bottles.

Considering that the robots were made by teams whose members are between 15 and 20 years old, the precision of these water bottle flipping robots is mind boggling. Some of them manage to bounce the bottles off the table at precise angles so that the bottle lands right side up, while others flip multiple bottles to produce a wild aerial show. Perhaps the most impressive, however, is the bottle bot that manages to fling a water bottle across the stage and bounce it off of a trampoline and onto a high table.

We knew robots would come for all our jobs eventually, but I don’t think anyone expected them to dominate meatbags in bottle flipping so soon.

wj35ewDaniel OberhausJordan Pearsonjapanhigh schoolteensRobotics ChallengeBottle FlippingRoboConrobot flipping water bottles
<![CDATA[The Weakest Link in Cybersecurity Isn't Human, It’s the Infrastructure]]>, 12 Nov 2018 15:30:00 +0000 The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here.

When someone gets hacked, many people impulsively blame the victim. We’re conditioned to think that they did something wrong; we presume that they had a bad password, reused passwords across websites, didn’t turn on two-factor authentication, or otherwise made some sort of mistake that a more security-conscious person wouldn’t have.

The truth is often a little more complicated. While there are of course things you can do to make yourself less of a target and to harden your accounts, the fact remains that hackers are increasingly exploiting systematic failures by large companies, and that there is often little or nothing the average user can do to prevent a breach. The business models of many companies rely on monetizing and selling user data; internet of things and new startups rarely take security as seriously as they should; massive hacks of companies like Equifax and T-Mobile make our social security numbers less private than they ever have before.

The “weakest link” in cybersecurity is often no longer the human, it’s the infrastructure that increasingly controls our data without giving us a chance to do anything about it. In this brave new digital world, what can you really do to protect yourself?

With that in mind, our third annual hacking week explodes that weakest link—the point of failure in the hacks we see in the news. The slate we have this year is extraordinary: We’ll have some scoops and features we’ve been planning and reporting for months, as well as opinion pieces by infosec professionals who explain how the internet’s design is failing users. We’re also launching Motherboard’s first hacking-focused podcast, CYBER. The pilot episode is about SIM hijacking, in which hackers steal a victim’s cell phone number and use it to get into their other accounts—and which consumers can do very little to stop on their own.

It’s not all bad news, of course, and there are steps you can take to prevent or minimize the effects of many of the most common attacks. With that in mind, we did a big refresh of The Motherboard Guide to Not Getting Hacked, our comprehensive infosec guide. It’s got lots of new information, and we’ve taken out or updated recommendations we made last year that are no longer best practices. This week we’ll also be publishing subject specific how-to guides every day; we’ll explain why the iPod Touch is one of the most secure devices you can possibly buy, how to wipe your devices clean before selling or recycling them, how to tell if you’ve been hacked, and more. And it’s finally time for a new episode of our animated series Greatest Moments in Hacking History.

We’re really excited about what we have planned for you this week. You can follow along here. And as always, we love to hear from you. You can get in touch via email or Signal.

d3bvgyJason KoeblerEmanuel MaibergprivacysecurityThe Weakest Linkhacking week
<![CDATA[Introducing CYBER: A Hacking Podcast by Motherboard]]>, 12 Nov 2018 15:00:00 +0000 The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here.

One minute, you’re using your phone as normal. The next minute, you lose cell service. “No SIM,” a message in the top left corner reads. You’re confused. You grab your computer, and try to login to your email. The password has been changed. Same with your Facebook. Your phone rings, apparently switched back on. On the other side is a hacker, who tells you that he’s stolen your phone number and your accounts, and that he’ll give them back if you send him Bitcoin.

This type of hack is becoming all too common, and there’s little consumers can do to stop it. In the pilot episode of CYBER (click here to subscribe), host Ben Makuch (who old school Motherboard fans may remember as our former Canada editor and VICELAND fans might remember from Cyberwar) talks to Motherboard senior staff writer Lorenzo Franceschi-Bicchierai about these hacks, called “SIM hijacking.” You’ll also hear audio from a real SIM hijacking ransom, in which a victim tries to talk a hacker out of stealing his money. Lorenzo has been following these hacks since last year, when a vulnerability in T-Mobile’s website allowed hackers to access customer information that could be used in a SIM swap.

We’re so excited to launch CYBER, Motherboard’s first-ever cybersecurity- and infosec-focused podcast. Each week, Ben, Lorenzo, Joseph Cox, and their sources will take you through the stories they’re working on and will break down some of the biggest topics in the cybersecurity world. We’ll go deep on travel hacking schemes, the video game piracy underground, election hacking, and wherever else the news takes us. CYBER is available on Apple Podcasts, Pocket Casts, Soundcloud, and any other podcast app you use. Please listen and tell your friends about us, and stay vigilant.

CYBER is available on Apple Podcasts, every podcast app, Soundcloud, and as a direct MP3 download.

59vpnxJason KoeblerEmanuel MaibergPodcastcyberThe Weakest Linkhacking week
<![CDATA[How to Use an iPod Touch as a Secure Device Instead of a Phone]]>, 12 Nov 2018 15:00:00 +0000 The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here.

SIM-jacking. Warrantless access to location data. SS7 interception. The threats against devices on traditional mobile phone networks are varied and serious. But what if there was a way to largely avoid these issues while maintaining some degree of connectivity with friends and colleagues, all on a pretty secure device?

There is. It’s using an iPod touch, which only works over Wi-Fi, and here’s how you can set one up as your phone substitute.

At the end, you’ll be able to send messages securely through apps such as Signal, protect your traffic with your own VPN, and, if you like, make calls to normal phones over the internet as well.

The issues with a regular cell phone

Hackers have targeted at least thousands of people with a technique known as SIM-jacking, in which the attackers call up the victim's telecom, and trick the company into porting the victim’s number over to the hacker’s own SIM card. The hacker then receives password reset text messages and two-factor authentication codes, letting them break into banking services and other sensitive online accounts. Sometimes the hackers bribe workers inside telecoms such as T-Mobile and AT&T to give them control over a target’s phone number.

Attacks against SS7, a protocol and related network used particularly for mobile roaming, have trickled down from nation states to cybercriminals. Last year, hackers exploited SS7 to grab text message-based two-factor authentication tokens to break into the bank accounts of mobile service provider O2 customers.

Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on, or email

For years, low level law enforcement have been buying cheap access to mobile phone location data from a number of dodgy resellers with minimal legal oversight. In May Senator Ron Wyden’s office and The New York Times revealed the practice; a few days later we reported that another company offered a similar product to bounty hunters, allowing them to pinpoint the location of nearly any phone in the United States. Multiple telecoms went on to say they are stopping the sale of their US customer’s location data, but the main point arguably stands: telecoms have access to a wide bevy of information on their users, often with lax security.

Some of these problems are about fundamental design decisions that ultimately won’t be fixed anytime soon. So why not take action into your own hands and stop your reliance on these networks in the first place?

How to replace your cell phone with an iPod Touch

That’s where the iPod comes in. Only communicating over Wi-Fi and lacking a baseband or SIM card, iPods are not typically susceptible to SIM jacking, SS7 interception or telecom data sharing. That’s not to say they’re without any risks, of course.

The usual tips for keeping an iPhone secure still stand: install updates when Apple releases them to make sure you have the latest security fixes; don’t jailbreak the device, as that opens it up to dodgier apps or other attacks, and use a strong passcode to ensure casual inspectors can’t flick through your data.

In order to get encrypted messaging app Signal running on the iPod, you may need to use a voice-over-internet-protocol (VoIP) service. Skype offers a paid phone number product, meaning you can make and receive normal phone calls through its iOS app. People in the US can setup a free Google Voice number. Both of these can be used to receive the initial sign-up text message from Signal to register the iPod. You could then delete any VoIP apps if you prefer to only have Signal as a way to contact you, or keep them handy for making ordinary calls and texts.

Since you’ll presumably be using a lot of public Wi-Fi with your iPod, it may be worth setting up a VPN to protect your traffic from potential snoopers too. This is possible with Algo, a set of scripts that automate much of the VPN creation process. Just make an account on a hosting provider such as Digitalocean, run the script on your PC, and answer the questions. The script will output a file that you then transfer over to your iPod; if you’re using a Mac, AirDrop works well for this. If that sounds a bit too technical, you could download a commercial VPN app instead.

But how many extra apps you wish to install depends on how seriously you want to take the security of your iPod. You could have a device solely dedicated to Signal, with no Apple ID signed in so iMessage won’t work, or other apps. This would be to decrease your so-called attack surface; limiting the number of possibilities hackers have to try and get into your device. With that being said, if you are already concerned about an attacker directly hacking into your iOS device—something typically only available to nation states, as iOS is generally considered the most robust consumer operating system in the world—you may have much more serious things to worry about.

The drawbacks of using an iPod Touch over a cell phone

An iPod does have some other drawbacks over a fully-fledged iPhone though. The latter has Apple’s coveted Secure Enclave Processor (SEP), a special chip in the device with its own operating system that protects things like cryptographic secrets and keys. The iPod does not, so also does not come with Touch or FaceID, Apple’s relatively robust alternatives to using a device passcode. The lack of SEP may also make an iPod more vulnerable to brute force attacks, in which a hacking tool, such as the GrayKey, churns through different password combinations before unlocking the device.

Then again, using an iPod is supposed to be focused on dealing with remote threats, not ones when a hacker has physical access to the device. If you need to worry more about the latter, perhaps this approach isn’t for you.

And to be clear, this quite drastic switch from a phone over to an iPod is not for everyone. It may simply be too inconvenient for a lot of people, both socially and professionally, to only rely on an internet rather than a cellular connection. Maybe the place you live doesn’t have much public Wi-Fi, or it is otherwise difficult to get online when out and about.

But for those with the means and concern around telecom threats, switching to an iPod can be a way of doing the things you would normally do on a phone but with much more security and privacy in mind.

439dk9Joseph CoxEmanuel MaibergSURVEILLANCEHackingprivacyiPhoneThe Weakest LinkipodVPNState of Surveillance​signalinformation security