Newsletter

open source and cybersecurity news

October 11, 2023

It's 5:05, October 11, 2023. Time for your Cybersecurity and Open Source Headlines

In this Episode:

Marcel Brown: October 11, 1887. Dorr Eugene Felt is granted the second of two patents on his comptometer, the first practical and commercially successful key-driven, mechanical calculator. Various comptometers were in continuous production from 1887 to the mid 1970s.

Edwin Kwan: A popular D-Link WiFi range extender device is susceptible to remote command injection, and there is currently no fix available. The researchers reached out to D-Link to report the flaw in May 2023, but despite multiple follow-ups, did not receive any replies.

Katy Craig: Google is taking a significant step towards enhancing online security by making ‘passkeys’ the default login method on its platforms. Passkeys are digital credentials stored on a user’s device, eliminating the need to remember passwords and offering a more secure alternative.

Hillary Coover: Can the FDA keep pace with the rapidly evolving world of AI in healthcare? As developers incorporate more advanced AI systems with human-like outputs, debates around FDA regulation are going to intensify.


The Stories Behind the Cybersecurity Headlines


Edwin Kwan
D-Link Wi-Fi Device Vulnerable to Command Injection Attack

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

A popular D-Link WiFi range extender device is susceptible to remote command injection, and there is currently no fix available.

This is Edwin Kwan from Sydney Australia.

Security researchers have discovered that DAP-X1860, the mesh WiFi 6 range extender device from D-Link, is vulnerable to a command injection attack.

The device is currently available for sale in stores and is a popular choice among consumers, with thousands of reviews on Amazon. The command injection vulnerability is due to a lack of input sanitization when the device parses WiFi SSID names. The device is unable to parse SSID names which contain a single tick in the name. Instead, it interprets that single tick (‘) as a command terminator. This allows attackers to craft SSID names that contain a shell command after the single tick and have that command executed by the D-Link range extender device. The injected commands will be run with root privileges, allowing attackers to gain access to the device.

The researchers reached out to D-Link to report the flaw in May 2023, but despite multiple follow-ups, did not receive any replies. The vulnerability does not seem to have been addressed, and device owners are recommended to limit manual network scans, treat sudden disconnections as suspicious, and to turn off the extender when not in use.

Resources
– RedTeam PenTesting: https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-006/-d-link-dap-x1860-remote-command-injection
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/d-link-wifi-range-extender-vulnerable-to-command-injection-attacks


Katy Craig
Google Goes Passwordless

Katy Craig, Contributing Journalist, It's 5:05 Podcast

Google is taking a significant step towards enhancing online security by making ‘passkeys’ the default login method on its platforms.

This is Katy Craig in San Diego, California.

Passkeys are digital credentials stored on a user’s device, eliminating the need to remember passwords and offering a more secure alternative. Unlike traditional passwords, passkeys are based on encrypted code stored locally, reducing the risk of phishing attacks.

While Google hasn’t provided specific adoption figures, it has seen users embrace this login method on platforms like YouTube and Google Maps. The move towards non-password authentication has been gaining momentum among tech giants driven by claims of improved security and reduced costs. However, some argue that the transition may present challenges for smaller businesses and platforms.

Google’s commitment to passwordless authentication marks a significant milestone in the journey towards a more secure online environment.

This is Katy Craig. Stay safe out there.

Resources
– SPGlobal: https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/big-tech-pushes-forward-with-password-less-authentication-70749002
– Google: https://blog.google/technology/safety-security/passkeys-default-google-accounts/
– Wired: https://www.wired.com/story/google-passkey-default/


Hillary Coover
FDA Adapting to AI: Balancing Innovation and Safety

Hillary Coover, Contributing Journalist

Can the FDA keep pace with the rapidly evolving world of AI in healthcare? The FDA has traditionally regulated medical devices like static compounds, requiring manufacturers to seek approval for each upgrade. However, AI-enabled devices, which often rely on dynamic algorithms, are challenging this approach.

This is Hillary Coover in Washington, DC.

These devices can continually improve by adapting to new data, making constant regulatory approvals cumbersome. So what’s the solution? The FDA is now offering an alternative path, allowing companies to submit what’s called “Predetermined Change Control Plans,” outlining expected alterations. Once approved, manufacturers can modify the device’s programming within the planned scope. This approach hopes to balance innovation with safety, giving companies some flexibility while continuing to adhere to established guidelines.

Critics argue that the FDA’s shift introduces risks, particularly concerning potential biases in AI systems and algorithmic harms that are difficult to understand and address. They suggest that the FDA is granting manufacturers way too much leeway by permitting complex algorithm changes without rigorous regulatory scrutiny.

Addressing these concerns, FDA officials have discussed the possibility of real-time monitoring for AI devices post-market release, ensuring that manufacturers closely monitor algorithm performance. But, gaining the necessary legal authority for such monitoring is probably not attainable for the FDA at this point.

As developers incorporate more advanced AI systems with human-like outputs, debates around FDA regulation are going to intensify. Some companies, like Woebot Health, offer AI-powered mental health support, but are really cautious about FDA regulations. They don’t want their users to have to obtain prescriptions to use their tool.

Overall, the FDA’s evolving policies are shaping the development of AI-enabled medical devices and influencing incentives for startups in the healthcare sector.

Perhaps in the future, the regulator could leverage some AI to enhance efficiency of evaluating AI in medical contexts.

Resources
– Wall Street Journal: https://www.wsj.com/tech/ai/your-medical-devices-are-getting-smarter-can-the-fda-keep-up-acc182e8


Marcel Brown
This Day, October 11, in Tech History

Marcel Brown, Contributing Journalist

This is Marcel Brown serving up some technology history for October 11th.

October 11, 1887. Dorr Eugene Felt is granted the second of two patents on his comptometer, the first practical and commercially successful key-driven, mechanical calculator. Various comptometers were in continuous production from 1887 to the mid 1970s.

October 11, 1958. NASA launches Pioneer 1, the first spacecraft launched by the newly formed space agency. Pioneer 1 was originally intended to fly to the moon, but a launch malfunction due to a programming error caused it to attain only a ballistic trajectory, which caused it to fall back to the Earth after 43 hours of flight.

However, some useful scientific data was returned by the spacecraft.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/10/11
