The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

The Cybersecurity and Infrastructure Security Agency (CISA) is urging everyone to update their Google Pixel phones. A recent security issue, called CVE-2024-32896, could let attackers ...

The post Google Pixel Users: Urgent Update Needed to Patch Security Hole appeared first on Gizchina.com.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

Drinking-water systems pose increasingly attractive targets as malicious hacker activity is on the rise globally, according to new warnings from security agencies around the world. According to experts, basic countermeasures—including changing default passwords and using multifactor authentication—can still provide substantial defense. However, in the United States alone, more than 50,000 community water systems also represent a landscape of potential vulnerabilities that have provided a hacker’s playground in recent months.

Last November, for instance, hackers linked to Iran’s Islamic Revolutionary Guard broke into a water system in the western Pennsylvania town of Aliquippa. In January, infiltrators linked to a Russian hacktivist group penetrated the water system of a Texas town near the New Mexico border. In neither case did the attacks cause any substantial damage to the systems.

Yet the larger threat is still very real, according to officials. “When we think about cybersecurity and cyberthreats in the water sector, this is not a hypothetical,” a U.S. Environmental Protection Agency spokesperson said at a press briefing last year. “This is happening right now.” Then, to add to the mix, last month at a public forum in Nashville, FBI director Christopher Wray noted that China’s shadowy Volt Typhoon network (also known as “Vanguard Panda”) had broken into “critical telecommunications, energy, water, and other infrastructure sectors.”

“These attacks were not extremely sophisticated.” —Katherine DiEmidio Ledesma, Dragos

A 2021 review of cybervulnerabilities in water systems, published in the journal Water, highlights the converging factors of increasingly AI-enhanced and Internet-connected tools running more and bigger drinking-water and wastewater systems.

“These recent cyberattacks in Pennsylvania and Texas highlight the growing frequency of cyberthreats to water systems,” says study author Nilufer Tuptuk, a lecturer in security and crime science at University College London. “Over the years, this sense of urgency has increased, due to the introduction of new technologies such as IoT systems and expanded connectivity. These advancements bring their own set of vulnerabilities, and water systems are prime targets for skilled actors, including nation-states.”

According to Katherine DiEmidio Ledesma, head of public policy and government affairs at Washington, D.C.–based cybersecurity firm Dragos, both attacks bored into holes that should have been plugged in the first place. “I think the interesting point, and the first thing to consider here, is that these attacks were not extremely sophisticated,” she says. “They exploited things like default passwords and things like that to gain access.”

Low priority, low-hanging fruit

Peter Hazell is the cyberphysical security manager at Yorkshire Water in Bradford, England—and a coauthor of the Water 2021 cybervulnerability review in water systems. He says the United States’ power grid is relatively well-resourced and hardened against cyberattack, at least when compared to American water systems.

“The structure of the water industry in the United States differs significantly from that of Europe and the United Kingdom, and is often criticized for insufficient investment in basic maintenance, let alone cybersecurity,” Hazell says. “In contrast, the U.S. power sector, following some notable blackouts, has recognized its critical importance...and established [the North American Electric Reliability Corporation] in response. There is no equivalent initiative for safeguarding the water sector in the United States, mainly due to its fragmented nature—typically operated as multiple municipal concerns rather than the large interconnected regional model found elsewhere.”

DiEmidio Ledesma says the problem of abundance is not the United States’ alone, however. “There are so many water utilities across the globe that it’s just a numbers game, I think,” she says. “With the digitalization comes increased risk from adversaries who may be looking to target the water sector through cyber means, because a water facility in Virginia may look very similar now to a water utility in California, to a water utility in Europe, to a water utility in Asia. So because they’re using the same components, they can be targeted through the same means.

“And so we do continue to see utilities in critical infrastructure and water facilities targeted by adversaries,” she adds. “Or at least we continue to hear from governments from the United States, from other governments, that they are being targeted.”

A U.S. turnaround imminent?

Last month, Arkansas congressman Rick Crawford and California congressman John Duarte introduced the Water Risk and Resilience Organization (WRRO) Establishment Act to found a U.S. federal agency to monitor and guard against the above risks. According to Kevin Morley, manager of federal relations at the Washington, D.C.–based American Water Works Association, it’s a welcome sign of what could be some imminent relief, if the bill can make it into law.

“We developed a white paper recommending this type of approach in 2021,” Morley says. “I have testified to that effect several times, given our recognition that some level of standardization is necessary to provide a common understanding of expectations.”

“I think the best phrase to sum it up is ‘target rich, resource poor.’” —Katherine DiEmidio Ledesma, Dragos

Hazell, of Yorkshire Water, notes that even if the bill does become law, it may not be all its supporters might want. “While the development of the act is encouraging, it feels a little late and limited,” he says. By contrast, Hazell points to the United Kingdom and the European Union’s Network and Information Security Directives in 2016 and 2023, which coordinate cyberdefenses across a range of a member country’s critical infrastructure. The patchwork quilt approach that the United States appears to be going for, he notes, could still leave substantial holes.

“I think the best phrase to sum it up is ‘target rich, resource poor,’” says DiEmidio Ledesma, about the cybersecurity challenges municipal water systems pose today. “It’s a very distributed network of critical infrastructure. [There are] many, many small community water facilities, and [they're] very vital to communities throughout the United States and internationally.”

In response to the emerging threats, Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technologies, issued a public call in March for U.S. states to report on their plans for securing the cyberdefenses of their water and wastewater systems by May 20. When contacted by IEEE Spectrum about the results and responses from Neuberger’s summons, a U.S. State Department spokesperson declined to comment.

Britain's signals intelligence spy chief raised eyebrows this week with warnings that Russia is coordinating both cyberattacks and physical acts of sabotage against the West. There's evidence to back her claims—and the West may be returning the favor. Coming soon after FBI Director Christopher Wray warned that China is targeting American infrastructure, it looks like the world is not only fracturing once again, but that the hostile blocs are engaged in covert warfare.

Rumors of War

"We are increasingly concerned about growing links between the Russian intelligence services and proxy groups to conduct cyberattacks as well as suspected physical surveillance and sabotage operations," Government Communications Headquarters (GCHQ) Director Anne Keast-Butler told an audience at the United Kingdom government-sponsored CyberUK 2024 conference. "Before, Russia simply created the right environments for these groups to operate, but now they are nurturing and inspiring these non-state cyber actors in some cases seemingly coordinating physical attacks against the West."

Keast-Butler, whose agency is comparable to the U.S. National Security Agency (NSA), also called out China, Iran, and North Korea as cybersecurity dangers. But naming Russian officials as being behind "physical attacks" raises the stakes. Sadly, her claims are well-founded.

Sabotage, Espionage, and Other Mischief

"A 20-year-old British man has been charged with masterminding an arson plot against a Ukrainian-linked target in London for the benefit of the Russian state," CBS News reported last month. That wasn't an isolated incident.

"In April alone a clutch of alleged pro-Russian saboteurs were detained across the continent," The Economist noted May 12 in describing what it called a "shadow war" between East and West. "Germany arrested two German-Russian dual nationals on suspicion of plotting attacks on American military facilities and other targets on behalf of the GRU, Russia's military intelligence agency. Poland arrested a man who was preparing to pass the GRU information on Rzeszow airport, the most important hub for military aid to Ukraine. Britain charged several men over an earlier arson attack in March on a Ukrainian-owned logistics firm in London whose Spanish depot was also targeted."

The GCHQ chief's warnings coupled with reality on the ground are alarming in themselves. Worse, they come after FBI Director Christopher Wray issued similar cautions in April about China.

"The PRC [People's Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America's will to resist," Wray told the Vanderbilt Summit on Modern Conflict and Emerging Threats in Nashville, Tennessee.

Wray clarified that, by "infrastructure," he meant "everything from water treatment facilities and energy grids to transportation and information technology."

If that doesn't make you want to check that your pantry is stocked and that the water filter and generator are in working order, nothing will.

A Game Both Sides Can Play

Of course, in war of any sort, the implication is that both sides are involved in conflict. Western intelligence officials are loud in their warnings about foreign threats, but less open regarding just what their own operatives might be doing in Russia, China, and elsewhere. Still, there's evidence that this is hardly a one-sided war, shadowy though it may be.

In June 2022, The New York Times reported that Ukraine's defensive efforts relied heavily on "a stealthy network of commandos and spies rushing to provide weapons, intelligence and training." In addition to Americans, the story noted, "commandos from other NATO countries, including Britain, France, Canada and Lithuania, also have been working inside Ukraine."

American journalist and combat veteran Jack Murphy goes further, claiming the CIA, working through an allied spy service "is responsible for many of the unexplained explosions and other mishaps that have befallen the Russian military industrial complex." The targets include "railway bridges, fuel depots and power plants," he adds.

And if you wonder who blew up Nord Stream 1 and 2, well, so do a lot of people. Russia was initially accused, but it didn't make a lot of sense for the country's forces to destroy pipelines that generated revenue and fed western dependence on Russian natural gas. Since then, Denmark and Sweden have closed inconclusive investigations, journalist Seymour Hersh blamed American officials, and a report by Der Spiegel and The Washington Post placed responsibility on a rogue Ukrainian military officer.

The Wider War Is Here

Taken all together, the warnings from Keast-Butler and Wray, as well as acts of sabotage and arrests of foreign agents suggest that fears of a wider war resulting from Russia's continuing invasion of Ukraine may miss the point; the war could already be here. People looking for tanks and troops are overlooking cyber intrusions, arson, bombings, and other low-level mayhem.

"Russia is definitely at war with the West," Oleksandr Danylyuk of the Royal United Services Institute, a British defense and security think tank, told NBC News earlier this week.

Russian officials seem to embrace that understanding, with Kremlin spokesman Dmitry Peskov commenting in March that the invasion of Ukraine, originally referred to by the euphemism "special military operation," is now more serious. "It has become a war for us as the collective West more and more directly increases its level of involvement in the conflict," he said.

Fortunately, a shadow war of the sort around us is less destructive than open military conflict, especially when the hostilities involve nuclear-armed powers. It's far better that spies hack the email accounts of government officials, as happened in the case of a Russian cyberattack on Germany's ruling Social Democrats, than that cities burn. But civilians still must live with the consequences of combatants attempting to do each other harm—particularly when the harm is to infrastructure on which regular people rely.

So, welcome to the world of global shadow war. Try to not become collateral damage.

The post World War War III May Already Have Started—in the Shadows appeared first on Reason.com.

HMIs (Human Machine Interfaces) can be broadly defined as just about anything that allows humans to interface with their machines, and so are found throughout the technical world. In OT environments, operators use various HMIs to interact with industrial control systems in order to direct and monitor the operational systems. And wherever humans and machines intersect, security problems can ensue.

Protecting HMI in cybersecurity plans, particularly in OT/ICS environments, can be a challenge, as HMIs offer a variety of vulnerabilities that threat actors can exploit to achieve any number of goals, from extortion to sabotage.

Consider the sort of OT environments HMIs are found in, including water and power utilities, manufacturing facilities, chemical production, oil and gas infrastructure, smart buildings, hospitals, and more. The HMIs in these environments offer bad actors a range of attack vectors through which they can enter and begin to wreak havoc, either financial, physical, or both.

What’s the relationship between HMI and SCADA?

SCADA (supervisory control and data acquisition) systems are used to acquire and analyze data and control industrial systems. Because of the role SCADA plays in these settings — generally overseeing the control of hugely complex, expensive, and dangerous-if-misused industrial equipment, processes, and facilities — they are extremely attractive to threat actors.

Unfortunately, the HMIs that operators use to interface with these systems may contain a number of vulnerabilities that are among the most highly exploitable and frequently breached vectors for attacks against SCADA systems.

Once an attacker gains access, they can seize from operators the ability to control the system. They can cause machinery to malfunction and suffer irreparable damage; they can taint products, steal information, and extort ransom. Even beyond ransom demands, the cost of production stoppages, lost sales, equipment replacement, and reputational damage can swallow some companies and create shortages in the market. Attacks can also cause equipment to perform in ways that threaten human life and safety.

Three types of HMIs in ICS that are vulnerable to attack

HMI security has to account for a range of “vulnerability options” available for exploitation by bad actors, such as keyboards, touch screens, and tablets, as well as more sophisticated interface points. Among the more frequently attacked are the Graphical User Interface and mobile and remote access.

Graphical User Interface

Attackers can use the Graphical User Interface or GUI to gain complete access to the system and manipulate it at will. They can often gain access by exploiting misconfigured access controls or bugs and other vulnerabilities that exist in a lot of software, including GUI software. If the system is web- or network-connected, their work is easier, especially if introducing malware is a goal. Once in, they can also move laterally, exploring or compromising interconnected systems and widening the attack.

Mobile and remote access

Even before COVID-19, mobile and remote access techniques were already being incorporated into managing a growing number of OT networks. When the pandemic hit hard, remote access often became a necessity. As the crisis faded, however, mobile and remote access became even more entrenched.

Remote access points are especially vulnerable. For one, remote access software can contain its own security vulnerabilities, like unpatched flaws and bugs or misconfigurations. Attackers may find openings in VPNs (virtual private networks) or RDP (remote desktop protocol) and use these holes to slip past security measures and carry out their mission.

Access controls

Attackers can compromise access control mechanisms to acquire the same permissions and privileges as authorized users, and once they gain access, they can do pretty much anything they want regarding system operations and data access. Access can be gained in many of the usual ways, such as an outdated VPN or stolen or purchased credentials. (Stolen or other credentials are readily available through online markets.)

The initial attack may just be a toe in the network while reconnaissance for holes in the access control system is conducted. Weak passwords, unnecessary access rights, and the usual misconfigurations and software vulnerabilities are all an attacker needs. As further walls are breached, attackers can then escalate their level of privilege to do whatever a legitimate user can do.

Understanding attack techniques in ICS HMI cybersecurity

Code injection

When attackers insert or inject malicious code into a software program or system, that’s code injection, and it can give the attacker access to core system functions. The resulting mayhem can include manipulation of control software, leading to shutdowns, equipment damage, and dangerous, even life-threatening situations if system changes result in hazardous chemical releases, changed formulas, explosions, or the misbehavior of large, heavy machinery. Code injections can corrupt, delete, or steal data and may result in compliance failure and fines in certain situations.

Malware virus infection

Malware can enter a network through various access points in addition to HMIs, even ones no one would ever expect, such as manufacturer-provided software updates or factory-fresh physical assets added to the production environment. A technician connecting a laptop or an employee plugging in a flash drive without knowing it’s infected will work just as well. As the walls between IT and OT thin, that attack surface widens as well. Once in the network, the attacker can escalate privileges, look around a bit, and see what’s worth doing or stealing. When enough has been learned, the attacker executes the malicious code, which can include ransomware or spyware. As in other attacks, operations can be interfered with, sometimes dangerously so.

Data tampering

Data tampering simply means that data is altered without authorization, including data used to operate, control, and monitor industrial systems. Attackers gain access through vulnerabilities in the system software or HMI devices or through passageways between IT and OT. Once in, they can explore the system to give themselves even greater access to more sensitive areas, where they can steal valuable and confidential system data, interrupt operations, compromise equipment, and damage the company’s business interests and competitive advantage.

Memory corruption

Memory corruption can happen in any computer network and may not represent anything nefarious. Yet memory corruption has also been used as an attack technique that can be deployed against OT networks and is thus potentially extremely damaging since data controls machinery, processes, formulas, and other essential functions. Attackers find software vulnerabilities in HMI or other access points through which the memory of an application or system can be reached and corrupted. This can lead to crashes, data leakage, denial of services (DoS), and even attacker takeovers of ICS and SCADA systems.

Spear phishing

Spear phishing attacks are generally launched against IT networks, which can then be used to open a corridor to the OT network. Spear phishing is basically a more targeted version of phishing attacks, in which an attacker will impersonate a legitimate, trusted source via email or web page, for example. In 2014, attackers targeted a German steel mill with an email suspected of carrying malicious code. They then used access to the business network to get to the SCADA/ICS network, where they modified the PLCs (programmable logic controllers) and took over the furnace’s operations. The physical damage they inflicted forced the plant to shut down.

DoS and DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) work by overwhelming HMI points with excessive traffic or requests so they are unable to handle authorized control and monitoring functions. In 2016, some particularly vicious malware dubbed Industroyer (also Crashoveride) was deployed in an attack against Ukraine’s power grid and blacked out a substantial section of Kyiv. Industroyer was developed specifically to attack ICS and SCADA systems. The multipronged attack began by exploiting vulnerabilities in digital substation relays. A timer regulating the attack executed a distributed denial-of-service (DDoS) attack on every protection relay on the network that used any of four specific communication protocols. Simultaneously, it deleted all MicroSCADA-related files from the workstations’ hard drives. As the relays stopped functioning, lights went out across the city.

Exploiting remote access

The growing use of remote access to HMI systems during and after COVID-19 has provided threat actors with a wealth of newly available attack vectors. Less-than-airtight remote access security protocols make them very enticing for ICS-specific malware. HAVEX malware, for example, uses a remote access trojan (RAT) downloaded from OT vendor websites. The RAT can then scan for devices on the ports commonly used OT assets, collect information, and send it back to the attacker’s command and control server. A long-term attack used just such a method to gain remote access to energy networks in the U.S. and internationally, during which data thieves collected and “exfiltrated” (stole) enterprise and ICS-related data.

Credential theft

Obtaining unauthorized credentials is not all that difficult these days, with a robust online marketplace making it easier than ever. Phishing and spear phishing, malware, weak passwords, and vulnerabilities or misconfigurations that grant access to places where unencrypted credentials are all sources. With credentials in hand, attackers can move past security, including MFA (multifactor authentication), conduct reconnaissance, and give themselves whatever level of privilege they need to complete whatever their mission is. Or they simply persist and observe, learning all they can before finally acting against the ICS or SCADA system.

Zero-day attacks

Zero-day attacks got their name because they’re generally carried out against a previously existing yet unknown vulnerability; the vendor has zero days to fix it because the attack is already underway. Vulnerabilities that are completely unknown to either the software developer or the cybersecurity community exist throughout the software world, including in OT networks and their HMIs. Unsuspected and thus unpatched, they give fast-moving threat actors the opportunity to carry out a zero-day attack without resistance. The 2010 Stuxnet attack against Iran’s nuclear program used zero-day vulnerabilities in Windows to access the network and spread, eventually destroying the centrifuges. One thousand machines sustained physical damage.

Best practices for enhancing HMI security

Network segmentation for isolation

Network segmentation should be a core defense in securing industrial networks. Segmentation creates an environment that’s naturally resistant to intruders. Many of the attack techniques described above give attackers the ability to move laterally through the network. Segmenting the network prevents this lateral movement, limiting the attack radius and potential for damage. As OT networks become more connected to the world and the line between IT and OT continues to blur, network segmentation can segregate HMI systems from other parts of the network and the outside world. It can also segment defined zones within the OT network from each other so attacks can be contained.

Software and firmware updates

Software and firmware updates are recommended in all cybersecurity situations, but installing patches and updates in OT networks is easier said than done. OT networks prioritize continuous operations. There are compatibility issues, unpatchable legacy systems, and other roadblocks. The solution is virtual patching. Virtual patching is achieved by identifying all vulnerabilities within an OT network and applying a security mechanism such as a physical IPS (intrusion prevention system) or firewall. Rules are created, traffic is inspected and filtered, and attacks can be blocked and investigated.

Employee training on cybersecurity awareness

The more employees know about network operations, vulnerabilities, and cyberattack methods, the more they can do to help protect the network. Since few organizations have the internal staff to provide the necessary training, third-party training partners can be a viable solution. In any event, all employees should be trained in a company’s written policies, the general threat landscape, security best practices, how to handle physical assets like flash drives or laptops, how to recognize an attack, and what the company’s response protocol is. Specific training should be provided for employees who work remotely.

The evolving HMI security threat landscape

Concrete predictions about future threats and responses are hard to make, but the HMI security threat landscape will most likely evolve much the same way the entire security landscape will, with one major addition.

Air-gapped environments are going away

For a long time, many OT networks were air-gapped off from the world, physically and digitally isolated from the risks of contamination. Data and malware transfer alike required physical media, but inconvenience was safety. As OT networks continue to merge with the connected world, that kind of protection is going away. Remote work is becoming more prevalent, and the very connected IoT (Internet of Things) is now all over the automated factory floor. If wireless access points are left hanging from equipment, no one gives it a thought, except threat actors looking for a way in. (This is where basic employee training might help.)

Threat actors are innovators

Threat actors are becoming increasingly sophisticated. They devote much more time and thought to innovative ways to penetrate HMI and other OT network points than the people who operate them. AI and machine learning techniques are further empowering bad actors.

The statistics bear this out, especially as IT and OT networks continue to converge. In a study on 2023 OT/ICS cybersecurity activities, 76% of organizations were moving toward converged networks, and 97% reported IT security incidents also affected OT environments. Nearly half (47%) of businesses reported OT/ICS ransomware attacks, and 76% had significant concerns about state-sponsored actors.

On the positive side, however, pressure from regulators, insurance companies, and boards of directors is pushing organizations to think and act on cybersecurity for HMI points and throughout the network far more aggressively than many currently do. According to the study, 68% of organizations were increasing their budgets, 38% had dedicated OT security teams, and 77% had achieved a level-3 maturity in OT/ICS security.

Complete OT security

Cybersecurity in industrial environments presents challenges far different than those in IT networks. TXOne specializes in OT cybersecurity, with OT-native solutions designed for the equipment, environment, and day-to-day realities of industrial settings.

The post Enhancing HMI Security: How To Protect ICS Environments From Cyber Threats appeared first on Semiconductor Engineering.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

HMIs (Human Machine Interfaces) can be broadly defined as just about anything that allows humans to interface with their machines, and so are found throughout the technical world. In OT environments, operators use various HMIs to interact with industrial control systems in order to direct and monitor the operational systems. And wherever humans and machines intersect, security problems can ensue.

Protecting HMI in cybersecurity plans, particularly in OT/ICS environments, can be a challenge, as HMIs offer a variety of vulnerabilities that threat actors can exploit to achieve any number of goals, from extortion to sabotage.

Consider the sort of OT environments HMIs are found in, including water and power utilities, manufacturing facilities, chemical production, oil and gas infrastructure, smart buildings, hospitals, and more. The HMIs in these environments offer bad actors a range of attack vectors through which they can enter and begin to wreak havoc, either financial, physical, or both.

What’s the relationship between HMI and SCADA?

SCADA (supervisory control and data acquisition) systems are used to acquire and analyze data and control industrial systems. Because of the role SCADA plays in these settings — generally overseeing the control of hugely complex, expensive, and dangerous-if-misused industrial equipment, processes, and facilities — they are extremely attractive to threat actors.

Unfortunately, the HMIs that operators use to interface with these systems may contain a number of vulnerabilities that are among the most highly exploitable and frequently breached vectors for attacks against SCADA systems.

Once an attacker gains access, they can seize from operators the ability to control the system. They can cause machinery to malfunction and suffer irreparable damage; they can taint products, steal information, and extort ransom. Even beyond ransom demands, the cost of production stoppages, lost sales, equipment replacement, and reputational damage can swallow some companies and create shortages in the market. Attacks can also cause equipment to perform in ways that threaten human life and safety.

Three types of HMIs in ICS that are vulnerable to attack

HMI security has to account for a range of “vulnerability options” available for exploitation by bad actors, such as keyboards, touch screens, and tablets, as well as more sophisticated interface points. Among the more frequently attacked are the Graphical User Interface and mobile and remote access.

Graphical User Interface

Attackers can use the Graphical User Interface or GUI to gain complete access to the system and manipulate it at will. They can often gain access by exploiting misconfigured access controls or bugs and other vulnerabilities that exist in a lot of software, including GUI software. If the system is web- or network-connected, their work is easier, especially if introducing malware is a goal. Once in, they can also move laterally, exploring or compromising interconnected systems and widening the attack.

Mobile and remote access

Even before COVID-19, mobile and remote access techniques were already being incorporated into managing a growing number of OT networks. When the pandemic hit hard, remote access often became a necessity. As the crisis faded, however, mobile and remote access became even more entrenched.

Remote access points are especially vulnerable. For one, remote access software can contain its own security vulnerabilities, like unpatched flaws and bugs or misconfigurations. Attackers may find openings in VPNs (virtual private networks) or RDP (remote desktop protocol) and use these holes to slip past security measures and carry out their mission.

Access controls

Attackers can compromise access control mechanisms to acquire the same permissions and privileges as authorized users, and once they gain access, they can do pretty much anything they want regarding system operations and data access. Access can be gained in many of the usual ways, such as an outdated VPN or stolen or purchased credentials. (Stolen or other credentials are readily available through online markets.)

The initial attack may just be a toe in the network while reconnaissance for holes in the access control system is conducted. Weak passwords, unnecessary access rights, and the usual misconfigurations and software vulnerabilities are all an attacker needs. As further walls are breached, attackers can then escalate their level of privilege to do whatever a legitimate user can do.

Understanding attack techniques in ICS HMI cybersecurity

Code injection

When attackers insert or inject malicious code into a software program or system, that’s code injection, and it can give the attacker access to core system functions. The resulting mayhem can include manipulation of control software, leading to shutdowns, equipment damage, and dangerous, even life-threatening situations if system changes result in hazardous chemical releases, changed formulas, explosions, or the misbehavior of large, heavy machinery. Code injections can corrupt, delete, or steal data and may result in compliance failure and fines in certain situations.

Malware virus infection

Malware can enter a network through various access points in addition to HMIs, even ones no one would ever expect, such as manufacturer-provided software updates or factory-fresh physical assets added to the production environment. A technician connecting a laptop or an employee plugging in a flash drive without knowing it’s infected will work just as well. As the walls between IT and OT thin, that attack surface widens as well. Once in the network, the attacker can escalate privileges, look around a bit, and see what’s worth doing or stealing. When enough has been learned, the attacker executes the malicious code, which can include ransomware or spyware. As in other attacks, operations can be interfered with, sometimes dangerously so.

Data tampering

Data tampering simply means that data is altered without authorization, including data used to operate, control, and monitor industrial systems. Attackers gain access through vulnerabilities in the system software or HMI devices or through passageways between IT and OT. Once in, they can explore the system to give themselves even greater access to more sensitive areas, where they can steal valuable and confidential system data, interrupt operations, compromise equipment, and damage the company’s business interests and competitive advantage.

Memory corruption

Memory corruption can happen in any computer network and may not represent anything nefarious. Yet memory corruption has also been used as an attack technique that can be deployed against OT networks and is thus potentially extremely damaging since data controls machinery, processes, formulas, and other essential functions. Attackers find software vulnerabilities in HMI or other access points through which the memory of an application or system can be reached and corrupted. This can lead to crashes, data leakage, denial of services (DoS), and even attacker takeovers of ICS and SCADA systems.

Spear phishing

Spear phishing attacks are generally launched against IT networks, which can then be used to open a corridor to the OT network. Spear phishing is basically a more targeted version of phishing attacks, in which an attacker will impersonate a legitimate, trusted source via email or web page, for example. In 2014, attackers targeted a German steel mill with an email suspected of carrying malicious code. They then used access to the business network to get to the SCADA/ICS network, where they modified the PLCs (programmable logic controllers) and took over the furnace’s operations. The physical damage they inflicted forced the plant to shut down.

DoS and DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) work by overwhelming HMI points with excessive traffic or requests so they are unable to handle authorized control and monitoring functions. In 2016, some particularly vicious malware dubbed Industroyer (also Crashoveride) was deployed in an attack against Ukraine’s power grid and blacked out a substantial section of Kyiv. Industroyer was developed specifically to attack ICS and SCADA systems. The multipronged attack began by exploiting vulnerabilities in digital substation relays. A timer regulating the attack executed a distributed denial-of-service (DDoS) attack on every protection relay on the network that used any of four specific communication protocols. Simultaneously, it deleted all MicroSCADA-related files from the workstations’ hard drives. As the relays stopped functioning, lights went out across the city.

Exploiting remote access

The growing use of remote access to HMI systems during and after COVID-19 has provided threat actors with a wealth of newly available attack vectors. Less-than-airtight remote access security protocols make them very enticing for ICS-specific malware. HAVEX malware, for example, uses a remote access trojan (RAT) downloaded from OT vendor websites. The RAT can then scan for devices on the ports commonly used OT assets, collect information, and send it back to the attacker’s command and control server. A long-term attack used just such a method to gain remote access to energy networks in the U.S. and internationally, during which data thieves collected and “exfiltrated” (stole) enterprise and ICS-related data.

Credential theft

Obtaining unauthorized credentials is not all that difficult these days, with a robust online marketplace making it easier than ever. Phishing and spear phishing, malware, weak passwords, and vulnerabilities or misconfigurations that grant access to places where unencrypted credentials are all sources. With credentials in hand, attackers can move past security, including MFA (multifactor authentication), conduct reconnaissance, and give themselves whatever level of privilege they need to complete whatever their mission is. Or they simply persist and observe, learning all they can before finally acting against the ICS or SCADA system.

Zero-day attacks

Zero-day attacks got their name because they’re generally carried out against a previously existing yet unknown vulnerability; the vendor has zero days to fix it because the attack is already underway. Vulnerabilities that are completely unknown to either the software developer or the cybersecurity community exist throughout the software world, including in OT networks and their HMIs. Unsuspected and thus unpatched, they give fast-moving threat actors the opportunity to carry out a zero-day attack without resistance. The 2010 Stuxnet attack against Iran’s nuclear program used zero-day vulnerabilities in Windows to access the network and spread, eventually destroying the centrifuges. One thousand machines sustained physical damage.

Best practices for enhancing HMI security

Network segmentation for isolation

Network segmentation should be a core defense in securing industrial networks. Segmentation creates an environment that’s naturally resistant to intruders. Many of the attack techniques described above give attackers the ability to move laterally through the network. Segmenting the network prevents this lateral movement, limiting the attack radius and potential for damage. As OT networks become more connected to the world and the line between IT and OT continues to blur, network segmentation can segregate HMI systems from other parts of the network and the outside world. It can also segment defined zones within the OT network from each other so attacks can be contained.

Software and firmware updates

Software and firmware updates are recommended in all cybersecurity situations, but installing patches and updates in OT networks is easier said than done. OT networks prioritize continuous operations. There are compatibility issues, unpatchable legacy systems, and other roadblocks. The solution is virtual patching. Virtual patching is achieved by identifying all vulnerabilities within an OT network and applying a security mechanism such as a physical IPS (intrusion prevention system) or firewall. Rules are created, traffic is inspected and filtered, and attacks can be blocked and investigated.

Employee training on cybersecurity awareness

The more employees know about network operations, vulnerabilities, and cyberattack methods, the more they can do to help protect the network. Since few organizations have the internal staff to provide the necessary training, third-party training partners can be a viable solution. In any event, all employees should be trained in a company’s written policies, the general threat landscape, security best practices, how to handle physical assets like flash drives or laptops, how to recognize an attack, and what the company’s response protocol is. Specific training should be provided for employees who work remotely.

The evolving HMI security threat landscape

Concrete predictions about future threats and responses are hard to make, but the HMI security threat landscape will most likely evolve much the same way the entire security landscape will, with one major addition.

Air-gapped environments are going away

For a long time, many OT networks were air-gapped off from the world, physically and digitally isolated from the risks of contamination. Data and malware transfer alike required physical media, but inconvenience was safety. As OT networks continue to merge with the connected world, that kind of protection is going away. Remote work is becoming more prevalent, and the very connected IoT (Internet of Things) is now all over the automated factory floor. If wireless access points are left hanging from equipment, no one gives it a thought, except threat actors looking for a way in. (This is where basic employee training might help.)

Threat actors are innovators

Threat actors are becoming increasingly sophisticated. They devote much more time and thought to innovative ways to penetrate HMI and other OT network points than the people who operate them. AI and machine learning techniques are further empowering bad actors.

The statistics bear this out, especially as IT and OT networks continue to converge. In a study on 2023 OT/ICS cybersecurity activities, 76% of organizations were moving toward converged networks, and 97% reported IT security incidents also affected OT environments. Nearly half (47%) of businesses reported OT/ICS ransomware attacks, and 76% had significant concerns about state-sponsored actors.

On the positive side, however, pressure from regulators, insurance companies, and boards of directors is pushing organizations to think and act on cybersecurity for HMI points and throughout the network far more aggressively than many currently do. According to the study, 68% of organizations were increasing their budgets, 38% had dedicated OT security teams, and 77% had achieved a level-3 maturity in OT/ICS security.

Complete OT security

Cybersecurity in industrial environments presents challenges far different than those in IT networks. TXOne specializes in OT cybersecurity, with OT-native solutions designed for the equipment, environment, and day-to-day realities of industrial settings.

The post Enhancing HMI Security: How To Protect ICS Environments From Cyber Threats appeared first on Semiconductor Engineering.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

Connected vehicles offer a range of benefits, such as real-time data sharing, app-to-car connectivity, advanced driver assistance systems (ADAS), and critical safety features like location tracking, remote parking, and in-vehicle infotainment systems (IVIs). These advancements aim to enhance the overall driving and riding experience. However, it is crucial to acknowledge that equipping vehicles with smart features also exposes them to potential cyberattacks. These attacks can result in customer data leakage or even compromise critical safety functionalities.

It’s expected to discover vulnerabilities after the product is released, which could have been easily prevented. For instance, as reported by Bloomberg, a recent increase in car thefts was attributed to the absence of anti-theft computer chips in vehicle critical systems. Therefore, it is imperative to proactively consider and address potential attack vectors right from the initial stages of development. This cybersecurity vulnerability applies to many other industrial applications, such as industrial IoT, SmartCity, and digital healthcare, where every device or system is connected, and every connection is a vulnerability.

Design for security is becoming mainstream and should be part of today’s standard design methodologies.

What you will learn:

1. Why a model-based and system-oriented solution is needed for automotive cybersecurity

2. How to quickly identify threat scenarios

3. Why a pre-silicon security verification flow is essential for secure ICs

4. Using AI to mitigate side-channel vulnerabilities

Who should attend this presentation:

This webinar is valuable to anyone who works with product design, connectivity and security.

Register now for this free webinar!

One of the most important things about buying a smart gadget is the commitment to software updates, but manufacturers often don’t disclose their update policies. Fortunately, it turns out that the UK is taking action against this and several other issues.

The UK has introduced a new set of minimum requirements for internet-connected gadgets, dubbed the Product Security and Telecommunications Infrastructure Act (h/t: BBC). This act applies to connected devices like smart TVs, home appliances, routers, smartphones, and more.

Digital Chinese-language keyboards that are vulnerable to spying and eavesdropping have been used by 1 billion smartphone users, according to a new report. The widespread threats these leaky systems reveal could also present a concerning new kind of exploit for cyberattacks, whether the device uses a Chinese-language keyboard, an English keyboard, or any other.

Last year, the University of Toronto’s Citizen Lab released a study of a proprietary Chinese keyboard system owned by the Shenzhen-based tech giant Tencent. Citizen Lab’s “Sogou Keyboard” report exposed the widespread range of attacks possible on the keyboard, which could leak a user’s key presses to outside eavesdroppers. Now, in the group’s new study, released last week, the same researchers have discovered that essentially all the world’s popular Chinese smartphone keyboards have suffered similar vulnerabilities.

“Whatever Chinese-language users of your app might have typed into it has been exposed for years.” —Jedidiah Crandall, Arizona State University

And while the specific bugs the two reports have uncovered have been fixed in most instances, the researchers’ findings—and in particular, their recommendations—point to substantially larger gaps in the systems that extend into software developed around the world, no matter the language.

“All of these keyboards were also using custom network protocols,” says Mona Wang, a computer science Ph.D. student at Princeton University and coauthor of the report. “Because I had studied these sort of custom network protocols before, then this immediately screamed to me that there was something really terrible going on.”

Jedidiah Crandall, an associate professor of computing and augmented intelligence at Arizona State University in Tempe, who was consulted in the report’s preparation but was not on the research team, says these vulnerabilities matter for nearly any coder or development team that releases their work to the world. “If you are a developer of a privacy-focused chat app or an app for tracking something health related, whatever Chinese language users of your app might have typed into it has been exposed for years,” he says.

The Chinese keyboard problem

Chinese, a language of tens of thousands of characters with some 4,000 or more in common use, represents a distinct challenge for keyboard input. A range of different keyboard systems have been developed in the digital era—sometimes called pinyin keyboards, named after a popular romanization system for standard Chinese. Ideally, these creative approaches to digital input enable a profoundly complex language to be straightforwardly phoneticized and transliterated via a compact, often QWERTY-style keyboard format.

“Even competent and well-resourced people get encryption wrong, because it’s really hard to do correctly.” —Mona Wang, Princeton University

Computational and AI smarts can help transform key presses into Chinese characters on the screen. But Chinese keyboards often involve many interchanges across the Internet between cloud servers and other assistive networked apps, just to make it possible for a Chinese-speaking person to be able to type the characters.

According to the report—and an FAQ the researchers released explaining the technical points in plain language—the Chinese keyboards studied all used character-prediction features, which in turn relied on cloud-computing resources. The researchers found that improperly secured communications between a device’s keyboard app and those external cloud servers meant that users’ keystrokes (and therefore their messages) could be accessed in transit.

Jeffrey Knockel, a senior research associate at Citizen Lab and the report coauthor, says cloud-based character prediction is a particularly attractive feature for Chinese-language keyboards, given the vast array of possible characters that any given QWERTY keystroke sequence might be attempting to represent. “If you’re typing in English or any language where there’s enough keys on a keyboard for all your letters, that’s already a much simpler task to design a keyboard around than an ideographic language where you might have over 10,000 characters,” he says.

Chinese-language keyboards are often “pinyin keyboards,” which allow for thousands of characters to be typed using a QWERTY-style approach.Zamoeux/Wikimedia

Sarah Scheffler, a postdoctoral associate at MIT, expressed concern also about other kinds of data vulnerabilities that the Citizen Lab report reveals—beyond keyboards and Chinese-language specific applications necessarily. “The vulnerabilities [identified by the report] are not at all specific to pinyin keyboards,” she says. “It applies to any application sending data over the Internet. Any app sending unencrypted—or badly encrypted—information would have similar issues.”

Wang says the chief problem the researchers uncovered concerns the fact that so many Chinese-keyboard protocols transmit data using inferior and sometimes custom-made encryption.

“These encryption protocols are probably developed by very, very competent and very well-resourced people,” Wang says. “But even competent and well-resourced people get encryption wrong, because it’s really hard to do correctly.”

Beyond the vulnerabilities exposed

Scheffler points to the two-decades-long testing, iteration, and development of the transport layer security (TLS) system underlying much of the Internet’s secure communications, including websites that use the Hypertext Transfer Protocol Secure (HTTPS) protocol. (The first version of TLS was specified and released in 1999.) “All these Chinese Internet companies who are rolling their own [cryptography] or using their own encryption algorithms are sort of missing out on all those 20 years of standard encryption development,” Wang says.

Crandall says the report may have also inadvertently highlighted assumptions about security protocols that may not always apply in every corner of the globe. “Protocols like TLS sometimes make assumptions that don’t suit the needs of developers in certain parts of the world,” he says. For instance, he adds, custom-made, non-TLS security systems may be more attractive “where the network delay is high or where people may spend large amounts of time in areas where the network is not accessible.”

Scheffler says the Chinese-language keyboard problem could even represent a kind of canary in the coal mine for a range of computer, smartphone, and software systems. Because of their reliance on extensive Internet communications, such systems—while perhaps overlooked or relegated to the background by developers—also still represent potential cybersecurity attack surfaces.

“Anecdotally, a lot of these security failures arise from groups that don’t think they’re doing anything that requires security or don’t have much security expertise,” Scheffler says.

Scheffler identifies “Internet-based predictive-text keyboards in any language, and maybe some of the Internet-based AI features that have crept into apps over the years” as possible places concealing cybersecurity vulnerabilities similar to those that the Citizen Lab team discovered in Chinese-language keyboards. This category could include voice recognition, speech-to-text, text-to-speech, and generative AI tools, she adds.

“Security and privacy isn’t many people’s first thought when they’re building their cool image-editing application,” says Scheffler. ”Maybe it shouldn’t be the first thought, but it should definitely be a thought by the time the application makes it to users.”

This story was updated 29 April 2024.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

As we keep more and more personal data on our phones, iPhone and Android devices now have some of the most advanced encryption technology in existence to keep that information safe from prying eyes. The easiest way around that, of course, is for someone to gain access to your phone.

This week, a federal court decided that police officers can make you unlock your phone, even by physically forcing you to press your thumb against it.

In November 2021, Jeremy Payne was pulled over by two California Highway Patrol (CHP) officers over his car's window tinting. When asked, Payne admitted that he was on parole, which the officers confirmed. After finding Payne's cellphone in the car, officers unlocked it by forcibly pressing his thumb against it as he sat handcuffed. (The officers claimed in their arrest report that Payne "reluctantly unlocked the cell phone" when asked, which Payne disputed; the government later accepted in court "that defendant's thumbprint was compelled.")

The officers searched through Payne's camera roll and found a video taken the same day, which appeared to show "several bags of blue pills (suspected to be fentanyl)." After checking the phone's map and finding what they suspected to be a home address, the officers drove there and used Payne's keys to enter and search the residence. Inside, they  found and seized more than 800 pills.

Payne was indicted for possession with intent to distribute fentanyl and cocaine.

In a motion to suppress, Payne's attorneys argued that by forcing him to unlock his phone, the officers "compelled a testimonial communication," violating both the Fourth Amendment's protection against unreasonable search and seizure and the Fifth Amendment's guarantee against self-incrimination. Even though the provisions of his parole required him to surrender any electronic devices and passcodes, "failure to comply could result in 'arrest pending further investigation' or confiscation of the device pending investigation," not the use of force to make him open the phone.

The district court denied the motion to suppress, and Payne pleaded guilty. In November 2022, he was sentenced to 12 years in prison. Notably, Payne had only served three years for the crime for which he was on parole—assault with a deadly weapon on a peace officer.

Payne appealed the denial of the motion to suppress. This week, in an opinion authored by Judge Richard Tallman, the U.S. Court of Appeals for the 9th Circuit ruled against Payne.

Searches "incident to arrest" are an accepted part of Fourth Amendment precedent. Further, Tallman wrote that as a parolee, Payne has "a significantly diminished expectation of privacy," and even though the conditions of his parole did not require him to "provide a biometric identifier," the distinction was insufficient to support throwing out the search altogether.

But Tallman went a step further in the Fifth Amendment analysis: "We hold that the compelled use of Payne's thumb to unlock his phone (which he had already identified
for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking," he wrote. "The act itself merely provided CHP with access to a source of potential information."

From a practical standpoint, this is chilling. First of all, the Supreme Court ruled in 2016 that police needed a warrant before drawing a suspect's blood.

And one can argue that fingerprinting a suspect as they're arrested is part and parcel with establishing their identity. Nearly half of U.S. states require people to identify themselves to police if asked.

But forcibly gaining access to someone's phone provides more than just their identity—it's a window into their entire lives. Even cursory access to someone's phone can turn up travel history, banking information, and call and text logs—a treasure trove of potentially incriminating information, all of which would otherwise require a warrant.

When they drafted the Fourth Amendment, the Founders drew on the history of "writs of assistance," general warrants used by British authorities in the American colonies that allowed government agents to enter homes at will and look for anything disallowed. As a result, the Fourth Amendment requires search warrants based on probable cause and signed by a judge.

Tallman does note the peculiar circumstances of the case: "Our opinion should not be read to extend to all instances where a biometric is used to unlock an electronic device." But, he adds, "the outcome…may have been different had [the officer] required Payne to independently select the finger that he placed on the phone" instead of forcibly mashing Payne's thumb into it himself.

The post Appeals Court Rules That Cops Can Physically Make You Unlock Your Phone appeared first on Reason.com.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

Although Telegram is a niche messaging service in the US and Canada, it’s absolutely gigantic worldwide, with over 104 million users in India alone. If you’re new to the service, stats like that can be a little intimidating — but they shouldn’t be, at least not on their own. Here’s what you need to know about Telegram’s security, including how to stay safe day-to-day.

Is Telegram safe and secure?

Mostly, if we’re going to boil things down. All calls and chats are encrypted to some degree, and that escalates to end-to-end encryption for calls or Secret Chats between two people, effectively preventing interception in those situations — even by Telegram. You can also require that messages, photos, videos, and other files sent in Secret Chats “self-destruct” a fixed amount of time after they’ve been seen.

Group conversations (i.e. between three or more people) don’t enjoy end-to-end encryption or self-destruction features, but they’re nevertheless one of the app’s selling points. People regularly set up permanent groups as well as Channels, the latter of which can be used to broadcast messages to hundreds, thousands, or even millions of people.

Both groups and Channels pose some unique safety issues. They can be used to spread scams, porn, and misinformation, and they’ve been implicated as fueling violence or even genocide in places like India, Pakistan, and Myanmar. Telegram does have rules and algorithms to guard against these things, including promoting any kind of violence, but it doesn’t seem to be able to enforce them consistently. Ultimately, it’s up to end users to be skeptical about other people and the messages they spread, and report anything problematic.

For those reasons you should probably steer kids towards alternative platforms. If that’s impractical, you still can go to Settings > Privacy and Security in the app and toggle on options like group controls and Restricted Mode, the latter of which censors content like nudity and violence.

An option you should probably leave disabled is People Nearby. This lets you see other Telegram users in your area, but in the past it’s been demonstrated that a hacker could exploit this to find a person’s exact location. You can make sure your location is hidden by going to Contacts > Find People Nearby and choosing Stop Showing Me.

One last point is that while Telegram is sometimes labeled open-source, that only applies to the client software. On the server side, Telegram uses a proprietary protocol called MTProto for message encryption. As a rule, security experts prefer standardized encryption libraries where all of the potential vulnerabilities are known and being addressed.

Does Telegram collect data?

Yes. By necessity, the company stores data like your username, device info, usage habits, and connecting IP address. If applicable it also records other Telegram apps you’ve used, along with your history of username changes. This metadata is stored for up to 12 months, but it’s not used for advertising or other commercial purposes.

Be aware that law enforcement and spy agencies could potentially ask Telegram to turn over server-side data, or else directly target you by seizing your phone or launching phishing and surveillance attacks. These things are true with any online service, but real-world incidents have previously occurred involving Iranian dissidents.

How to stay safe on Telegram

Generally speaking, you should have no problems on Telegram as long as you follow these principles:

• Use two-step verification. You can find the option under Settings > Privacy and Security. This makes it much harder for someone to hijack your account.
• Limit the amount of information you share. Hide your phone number, and if people don’t need to know what you look like, you can use an artistic profile image instead or set separate public and private photos. In public conversations, resist the temptation to share details that could identify you, other accounts, or your specific location.
• Stick to one-on-one calls and Secret Chats whenever possible. Friends and family may often be in the same groups, but going private ensures both end-to-end encryption and fewer chances of accidentally sharing private info.
• Think skeptically about the groups and Channels you participate in. It’s easier than it should be to get swept up in a mob mentality, especially when friends or family are pressuring you to participate, or you’re being tempted with rewards. The popularity or fervor of a group doesn’t necessarily say anything about the truth of its beliefs — always demand logic and evidence, especially if money, sex, politics, religion, and/or violence are involved.
• Don’t exchange money or account details with people you don’t know personally. Scammers may try to impersonate tech support, a bank representative, or anyone else they can think of that holds a position of trust, but no one of that status is going to ask for money or account details out of the blue using Telegram. If there’s reason for doubt, check details like a person’s username and their available contact info. You might even call a known phone number and ask them to verify the conversation.
• Don’t get emotionally attached to people you haven’t met in person. Romance/catfishing scams are all-too common. These involve a scammer flirting with you long enough to build up the illusion of a “relationship,” but then suddenly manufacturing a crisis that demands money, such as a visa or missed rent. There are even worse threats too, such as sexual predators or human trafficking. If a relationship is genuine, the person won’t object to a real-world meeting in a public place you agree to. Consider bringing one or more friends for extra safety.
• Avoid tapping on links from strangers. If someone you don’t know urges you to tap on a web link, especially in the guise of something like tech support or a giveaway, it could easily be intended to infect your device with malware or spyware, or trick you into sharing private info through a fake (a.k.a. “phishing”) website.
• If it’s too good to be true, it probably is. You’re not going to luck into lottery wins, the love of your life, luxury discounts, or once-in-a-lifetime investment opportunities through random encounters on Telegram. Stay skeptical at all times when dealing with new people.

FAQs

Pastor Brian Houston — famous former head of the Hillsong Christian megachurch in Australia — is the victim of Twitter hack!

Here are the facts:

• On February 20, 2024 at 11:41 pm, a devious hacker broke into Pastor Houston's account and posted, "Ladies and girls kissing"

• Sixteen minutes later, Houston was made aware of the breach and he posted, "I think my twitter may have been hacked"

While some uncharitable folks are saying the kindly Pastor mistakenly thought he was typing "Ladies and girls kissing" into a web browser with the safe search filter disabled, that is not the case. — Read the rest

The post "Ladies and girls kissing" shock as mega-church leader falls victim to cyber intruder! appeared first on Boing Boing.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.

Although Telegram is a niche messaging service in the US and Canada, it’s absolutely gigantic worldwide, with over 104 million users in India alone. If you’re new to the service, stats like that can be a little intimidating — but they shouldn’t be, at least not on their own. Here’s what you need to know about Telegram’s security, including how to stay safe day-to-day.

JUMP TO KEY SECTIONS

TikTok is perhaps the most controversial mainstream social network after Elon Musk’s X. Some people accuse it of being superficial, and worsening attention spans as well as the self-image of teenagers. Its harsher critics say that it can be used to spread misinformation, or that it might even be a potential attack vector for the Chinese government. So what’s the reality of the situation? Is TikTok safe to be on?

Is TikTok safe?

The answer to this is complicated. On an immediate, practical safety level, there’s not much to worry about. Millions of people watch videos on TikTok daily without being being affected by malware or data theft. Indeed the malware threat is basically non-existent unless someone tricks you into visiting a dangerous link — we’ll touch on that in the next section.

It’s when you zoom out that issues start to manifest. Some people find TikTok addictive, and it certainly doesn’t help with attention deficit problems, since the whole point is to deliver a non-stop stream of short video clips. It can distract from school or work, and like Instagram, it can potentially warp a person’s self-image — professional influencers strive to look sexy, successful, and adventurous, often well beyond what’s realistic.

TikTok has moderation to counter misinformation and disinformation — the latter being intentional — but some of it bound to slip through, and has in the past. That includes false claims about elections, vaccines, mass killings, and other topics. It wouldn’t be such an issue except that if the app’s algorithms decide you like something, they’ll feed you more of the same, and it’s possible for people to get trapped inside an ideological bubble.

For some, the greater concern is TikTok’s ownership. While the service doesn’t operate in China, its parent company — ByteDance — is based in Beijing, which has raised fears of the Chinese Communist Party gaining access to customer data or otherwise exploiting the app. In the US, the White House has banned it from devices at federal agencies, and many states have done the same. For its part ByteDance has denied any influence or control by the CCP, and in practice this concern hasn’t been made manifest.

Something else to be aware of is TikTok’s data collection. There’s more to say later on, but in brief the service knows about as much about you as a service like Facebook or X, which is to say things like personal contact info, your search and browsing history, and (if you agree) your precise location and contact lists. The company is primarily interested in making money off advertising, not anything truly insidious — but if you quit Facebook for privacy reasons, you shouldn’t be on TikTok either.

Lastly, as with any popular social network, you have to be on the lookout for scammers. To improve your defenses, we’ve identified some of the most common TikTok scams.

6 TikTok scams you should watch out for

1. Fake lotteries, giveaways, and other prizes. Scammers may claim that you’ve already won a prize, but that you need to visit a link or share personal information to claim it. If you don’t remember entering an event, don’t trust this, because it’s likely an attempt at identity theft or infecting your device with malware. Alternately a scammer may claim that you’ll automatically get a prize (such as a cash handout) for liking, following, or sharing something, but it’s never that easy.
2. Romance/catfishing scams. These are inherently rare on TikTok, but a scammer willing to play the long con might start flirting with you, gradually building up the illusion of a budding relationship. Once they’ve got sufficient trust, they’ll manufacture a reason to ask for money such as missed rent, a visa, or a medical emergency. Never get emotionally attached to someone before meeting them in person or at least taking a few video calls. If you think someone might be catfishing you, use a reverse image search tool like TinEye on their social media images — a smart scammer is going to steal photos to stay incognito.
3. Counterfeit or outright fraudulent products. Some accounts may claim to be selling “dupes,” or offering sharp discounts on genuine fashion or electronics products. You might potentially get a tangible product if you buy a dupe, but the quality could be poor, and in either scenario there’s a too-high chance a scammer will take your money and run. You shouldn’t do your shopping on TikTok, and avoid anything that sounds like online prostitution.
4. Investment scams. Some TikTokkers may try to pitch you on stocks, cryptocurrency, or pyramid/multi-level marketing (MLM) schemes that promise a high return in exchange for a small initial investment. In reality you’ll lose your money, whether because it’s stolen outright or the person’s claims are implausible. With stocks and crypto you might alternately be sold a “secret” guide to success, when the truth is that the creator’s riches come from people like you.
5. Impersonation accounts. Scammers sometimes impersonate a company or celebrity with the hope of tricking you into tapping a link or giving them money, sometimes under the pretense of a charity, giveaway, or investment opportunity. When in doubt, make sure the account’s name, images, and other details line up with what you’d expect, including their verified status.
6. Fake tech support. Whether through the TikTop app or outside of it, you might be approached by someone claiming they need you to tap a link or share account details to address the security of your TikTok account. The company does send a verification code whenever you add or change an email address or phone number, but you won’t have to tap a link, and the company will never ask you to share your account info outside of logging into the app. This scam is an attempt at identify theft or spreading malware.

Is TikTok safe for kids?

Kids probably shouldn’t be on TikTok. The app does have a 60-minute daily time limit for anyone under 18, requiring a passcode to extend it, as well as a block on direct messages if you’re 15 or under — but these requirements are often meaningless, since there’s no true age verification when you sign up. A child can easily lie about their age if they sign up solo, removing all limits on what they see. They shouldn’t encounter nudity, sex, or extreme violence, but there’s borderline content parents might not be comfortable with, not to mention concerns you might have about consumerism, distractions, or self-image.

Officially the minimum age for TikTok is 13, or 14 in some regions. If you do plan to let a teen on TikTok, you’ll want to take advantage of Family Pairing and Restricted Mode. These provide account control, though of course you’ll have to get your teen to consent to it.

What data does TikTok collect?

According to TikTok, it collects:

• Profile information, including your date or birth, email address, phone number, and anything else you share.
• All the user content you post or upload, including things like audio, photos, video, and comments.
• Clipboard content, phone contacts, and social network contacts, if you consent to sharing any of these.
• Purchase information when you make a transaction through TikTok’s systems.
• Proof of your identity or age if it’s required (say, for a livestream or verified status).
• Message content and metadata. Don’t expect conversations to be fully private, in other words.
• Usage patterns, including your Favorites, your browsing and search history, and how you interact with content, including ads.
• Device/browser information such as your IP address, phone carrier, device model, screen resolution, operating system, and even battery level.
• Approximate location based on your SIM card, IP address, or user content. Precise location (e.g. GPS) if you consent to it.
• Third-party cookies (and similar tech) used to analyze how you use TikTok or enable some features. Some of these cookies can be disabled.
• Info from linked third-party services like Facebook or Google.
• Info shared from partners like advertisers, assuming there’s a way of identifying your account data.

FAQs

This post is dedicated to the memory of Niklaus Wirth, a computing pioneer who passed away 1 January 2024. In 1995 he wrote an influential article called “A Plea for Lean Software,” published in Computer, the magazine for members of the IEEE Computer Society, which I read early in my career as an entrepreneur and software developer. In what follows, I try to make the same case nearly 30 years later, updated for today’s computing horrors. A version of this post was originally published on my personal blog, Berthub.eu.

Some years ago I did a talk at a local university on cybersecurity, titled “Cyber and Information Security: Have We All Gone Mad?” It is still worth reading today since we have gone quite mad collectively.

The way we build and ship software these days is mostly ridiculous, leading to apps using millions of lines of code to open a garage door, and other simple programs importing 1,600 external code libraries—dependencies—of unknown provenance. Software security is dire, which is a function both of the quality of the code and the sheer amount of it. Many of us programmers know the current situation is untenable. Many programmers (and their management) sadly haven’t ever experienced anything else. And for the rest of us, we rarely get the time to do a better job.

It is not just you; we are not merely suffering from nostalgia: Software really is very weird today.

Let me briefly go over the terrible state of software security, and then spend some time on why it is so bad. I also mention some regulatory and legislative things going on that we might use to make software quality a priority again. Finally, I talk about an actual useful piece of software I wrote as a proof of concept that one can still make minimal and simple yet modern software.

I hope that this post provides some mental and moral support for suffering programmers and technologists who want to improve things. It is not just you; We are not merely suffering from nostalgia: Software really is very weird today.

The terrible state of software security

Without going all “Old man (48) yells at cloud,” let me restate some obvious things. The state of software security is dire. If we only look at the past year, if you ran industry-standard software like Ivanti, MOVEit, Outlook, Confluence, Barracuda Email Security Gateway, Citrix NetScaler ADC, and NetScaler Gateway, chances are you got hacked. Even companies with near-infinite resources (like Apple and Google) made trivial “worst practice” security mistakes that put their customers in danger. Yet we continue to rely on all these products.

Software is now (rightfully) considered so dangerous that we tell everyone not to run it themselves.

Software is now (rightfully) considered so dangerous that we tell everyone not to run it themselves. Instead, you are supposed to leave that to an “X as a service” provider, or perhaps just to “the cloud.” Compare this to a hypothetical situation where cars are so likely to catch fire that the advice is not to drive a car yourself, but to leave that to professionals who are always accompanied by professional firefighters.

The assumption is then that the cloud is somehow able to make insecure software trustworthy. Yet in the past year, we’ve learned that Microsoft’s email platform was thoroughly hacked, including classified government email. (Twice!) There are also well-founded worries about the security of the Azure cloud. Meanwhile, industry darling Okta, which provides cloud-based software that enables user log-in to various applications, got comprehensively owned. This was their second breach within two years. Also, there was a suspicious spate of Okta users subsequently getting hacked.

Clearly, we need better software.

The European Union has launched three pieces of legislation to this effect: NIS2 for important services; the Cyber Resilience Act for almost all commercial software and electronic devices; and a revamped Product Liability Directive that also extends to software. Legislation is always hard, and it remains to be seen if they got it right. But that software security is terrible enough these days to warrant legislation seems obvious.

Why software security is so bad

I want to touch on incentives. The situation today is clearly working well for commercial operators. Making more secure software takes time and is a lot of work, and the current security incidents don’t appear to be impacting the bottom line or stock prices. You can speed up time to market by cutting corners. So from an economic standpoint, what we see is entirely predictable. Legislation could be very important in changing this equation.

The security of software depends on two factors—the density of security issues in the source code and the sheer amount of code accessible by hackers. As the U.S. defense community loved to point out in the 1980s, quantity has a quality all of its own. The reverse applies to software—the more you have of it, the more risks you run.

As a case in point, Apple iPhone users got repeatedly hacked over many years because of the huge attack surface exposed by iMessage. It is possible to send an unsolicited iMessage to an Apple user. The phone will then immediately process that message so it can preview it. The problem is that Apple in its wisdom decided that such unsolicited messages needed to support a vast array of image formats, accidentally including PDFs with weird embedded compressed fonts using an ancient format that effectively included a programming language. So someone could send an unsolicited message to your iPhone that could probe for weaknesses in the rest of the phone.

In this way, attackers were able to benefit from security bugs in the phone’s millions of lines of code. You don’t need a high bug density to find an exploitable hole in millions of lines of code.

Wiping out all the bugs in your code won’t save you from the decision to implement a feature to automatically execute code embedded in documents.

Apple could have prevented this situation by restricting previews to a far smaller range of image formats, or even a single “known good” image format. Apple could have saved themselves an enormous amount of pain simply by exposing fewer lines of their code to attackers. Incidentally, the E.U.’s Cyber Resilience Act explicitly tells vendors to minimize the attack surface.

Apple is (by far) not the worst offender in this field. But it is a widely respected and well-resourced company that usually thinks through what they do. And even they got it wrong by needlessly shipping and exposing too much code.

Could we not write better code?

There are those who think the biggest problem is the quality of the code, expressed in terms of the density of bugs in it. There are many interesting things happening on this front, like the use of memory safe languages like Rust. Other languages are also upping their security game. Fuzzers—test tools that automatically modify inputs to computer programs to find weaknesses and bugs—are also getting ever more advanced.

But many security problems are in the logic underlying the code. For example, the Barracuda email exploit originated in a third-party library that would actually execute code in Excel spreadsheets when they were scanned for viruses. Wiping out all the bugs in your code won’t save you from the decision to implement a feature to automatically execute code embedded in documents.

The state of shipping software

Another problem is that we often don’t know what code we are actually shipping. Software has gotten huge. In 1995 Niklaus Wirth lamented that software had grown to megabytes in size. In his article “A Plea for Lean Software,” he went on to describe his Oberon operating system, which was only 200 kilobytes, including an editor and a compiler. There are now projects that have more than 200 KB for their configuration files alone.

A typical app today is built on Electron JS, a framework that incorporates both Chromium (“Chrome”) and Node.JS, which provides access to tens of thousands of software packages for JavaScript. I estimate just using Electron JS entails at least 50 million lines of code if you include dependencies. Perhaps more. The app meanwhile likely pulls in hundreds or thousands of helper packages. Many packages used will also, by default, snitch on your users to advertisers and other data brokers. Dependencies pull in further dependencies, and exactly what gets included in the build can change on a daily basis, and no one really knows.

If this app controls anything in your house, it will also connect to a software stack over at Amazon, probably also powered by Node.js, also pulling in many dependencies.

We are likely looking at over 50 million active lines of code to open a garage door….

But wait, there’s more. We used to ship software as the output of a compiler, or perhaps as a bunch of files to be interpreted. Such software then had to be installed and configured to work right. Getting your code packaged to ship like this is a lot of work. But it was good work since it forced people to think about what was in their “package.” This software package would then integrate with an operating system and with local services, based on the configuration.

Since the software ran on a different computer than the one it was developed on, people really had to know what they shipped and think it through. And sometimes it didn’t work, leading to the joke where a developer tells the operations people, “Well, it works on my system,” and the retort “Then back up your email, we’re taking your laptop into production!”

This used to be a joke, but these days we often ship software as containers, shipping not only the software itself but also including operating system files to make sure the software runs in a well-known environment. This frequently entails effectively shipping a complete computer disk image. This again vastly expands the amount of code being deployed. Note that you can do good things with containers like Docker (see below), but there are a lot of images over 350 MB on the Docker Hub.

Add it all up and we are likely looking at over 50 million active lines of code to open a garage door, running several operating-system images on multiple servers.

Now, even if all the included dependencies are golden, are we sure that their security updates are making it to your garage door opener app? I wonder how many Electron apps are still shipping with the image processing bug that had Google and Apple scramble to put out updates last year. We don’t even know.

But even worse, it is a known fact that all these dependencies are not golden. The Node.js ecosystem has a comical history of package repositories being taken over, hijacked, or resurrected under the same name by someone else, someone with nefarious plans for your security. PyPI (a Python counterpart of Node.js) has suffered from similar problems. Dependencies always need scrutiny, but no one can reasonably be expected to check thousands of them frequently. But we prefer not to think about this. (Note that you should also not overshoot and needlessly reimplement everything yourself to prevent dependencies. There are very good modules that likely are more secure than what you could type in on your own.)

The world is shipping far too much code where we don’t even know what we ship and we aren’t looking hard enough (or at all) at what we do know we ship.

You can write lean code today

Writing has been called the process by which you find out you don’t know what you are talking about. Actually doing stuff, meanwhile, is the process by which you find out you also did not know what you were writing about.

In a small reenactment of Wirth’s Oberon Project, I too wrote some code to prove a point, and to reassure myself I still know what I am talking and writing about. Can you still make useful and modern software the old way? I decided to try to create a minimalistic but full-featured image-sharing solution that I could trust.

Trifecta is the result. It is actual stand-alone software that lets you use a browser to drag and drop images for easy sharing. It has pained me for years that I had to use imgur for this purpose. Not only does imgur install lots of cookies and trackers in my browser, I also force these trackers onto the people who view the images that I share. If you want to self-host a Web service like this, you also don’t want to get hacked. Most image-sharing solutions I found that you could run yourself are based on huge frameworks that I don’t trust too much for the reasons outlined above.

So, also to make a point, I decided to create a minimalistic but also useful image-sharing solution that I could trust. And more important, that other people could trust as well, because you can check out all Trifecta’s code within a few hours. It consists of 1,600 lines of new source code, plus around five important dependencies.

You end up with a grand total of 3 megabytes of code.

To contrast, one other image-sharing solution ships as a 288-MB Docker image, although admittedly it looks better and has some more features. But not 285 MB worth of them. Another comparison is this Node-based picture-sharing solution, which clocks in at 1,600 dependencies, apparently totaling over 4 million lines of JavaScript.

The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected.

Note that Trifecta is not intended as a public site where random people can share images, as that does not tend to end well. It is however very suitable for company or personal use. You can read more about the project here, and there is also a page about the technology used to deliver such a tiny self-contained solution.

Response to Trifecta

This has been rather interesting. The most common response to Trifecta so far has been that I should use a whole bag of Amazon Web Services to deploy it. This is an exceedingly odd response to a project with the clearly stated goal of providing stand-alone software that does not rely on external services. I’m not sure what is going on here.

Another reaction has been that I treat Docker unfairly, and that you could definitely use containers for good. And I agree wholeheartedly. But I also look at what people are actually doing (also with other forms of containers or virtual machines), and it’s not so great.

I want to end this post with some observations from Niklaus Wirth’s 1995 paper:

“To some, complexity equals power. (…) Increasingly, people seem to misinterpret complexity as sophistication, which is baffling—the incomprehensible should cause suspicion rather than admiration.”

I’ve similarly observed that some people prefer complicated systems. As Tony Hoare noted long ago, “[T]here are two methods in software design. One is to make the program so simple, there are obviously no errors. The other is to make it so complicated, there are no obvious errors.” If you can’t do the first variant, the second way starts looking awfully attractive perhaps.

Back to Wirth:

“Time pressure is probably the foremost reason behind the emergence of bulky software. The time pressure that designers endure discourages careful planning. It also discourages improving acceptable solutions; instead, it encourages quickly conceived software additions and corrections. Time pressure gradually corrupts an engineer’s standard of quality and perfection. It has a detrimental effect on people as well as products.”

Why spend weeks paring down your software when you can also ship a whole pre-installed operating-system image that just works?

“The plague of software explosion is not a ‘law of nature.’ It is avoidable, and it is the software engineer’s task to curtail it.”

If this is indeed on the shoulders of software people, we should perhaps demand more time for it.

The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself, but many exploits are due to logic fails, and less progress has been made scanning for those. Meanwhile, great strides could be made by paring down just how much code we expose to the world. This will increase time to market for products, but legislation is around the corner that should force vendors to take security more seriously.

Trifecta is, like Wirth’s Oberon Project mentioned above, meant as a proof that you can deliver a lot of functionality even with a limited amount of code and dependencies. With effort and legislation, maybe the future could again bring sub-50-million-line garage-door openers. Let’s try to make it happen.

The following is a joint announcement from MIT and Applied Materials, Inc.

MIT and Applied Materials, Inc., announced an agreement today that, together with a grant to MIT from the Northeast Microelectronics Coalition (NEMC) Hub, commits more than $40 million of estimated private and public investment to add advanced nano-fabrication equipment and capabilities to MIT.nano, the Institute’s center for nanoscale science and engineering. The collaboration will create a unique open-access site in the United States that supports research and development at industry-compatible scale using the same equipment found in high-volume production fabs to accelerate advances in silicon and compound semiconductors, power electronics, optical computing, analog devices, and other critical technologies.

The equipment and related funding and in-kind support provided by Applied Materials will significantly enhance MIT.nano’s existing capabilities to fabricate up to 200-millimeter (8-inch) wafers, a size essential to industry prototyping and production of semiconductors used in a broad range of markets including consumer electronics, automotive, industrial automation, clean energy, and more. Positioned to fill the gap between academic experimentation and commercialization, the equipment will help establish a bridge connecting early-stage innovation to industry pathways to the marketplace.

“A brilliant new concept for a chip won’t have impact in the world unless companies can make millions of copies of it. MIT.nano’s collaboration with Applied Materials will create a critical open-access capacity to help innovations travel from lab bench to industry foundries for manufacturing,” says Maria Zuber, MIT’s vice president for research and the E. A. Griswold Professor of Geophysics. “I am grateful to Applied Materials for its investment in this vision. The impact of the new toolset will ripple across MIT and throughout Massachusetts, the region, and the nation.”

Applied Materials is the world’s largest supplier of equipment for manufacturing semiconductors, displays, and other advanced electronics. The company will provide at MIT.nano several state-of-the-art process tools capable of supporting 150 and 200mm wafers and will enhance and upgrade an existing tool owned by MIT. In addition to assisting MIT.nano in the day-to-day operation and maintenance of the equipment, Applied engineers will develop new process capabilities that will benefit researchers and students from MIT and beyond.

“Chips are becoming increasingly complex, and there is tremendous need for continued advancements in 200mm devices, particularly compound semiconductors like silicon carbide and gallium nitride,” says Aninda Moitra, corporate vice president and general manager of Applied Materials’ ICAPS Business. “Applied is excited to team with MIT.nano to create a unique, open-access site in the U.S. where the chip ecosystem can collaborate to accelerate innovation. Our engagement with MIT expands Applied’s university innovation network and furthers our efforts to reduce the time and cost of commercializing new technologies while strengthening the pipeline of future semiconductor industry talent.”

The NEMC Hub, managed by the Massachusetts Technology Collaborative (MassTech), will allocate $7.7 million to enable the installation of the tools. The NEMC is the regional “hub” that connects and amplifies the capabilities of diverse organizations from across New England, plus New Jersey and New York. The U.S. Department of Defense (DoD) selected the NEMC Hub as one of eight Microelectronics Commons Hubs and awarded funding from the CHIPS and Science Act to accelerate the transition of critical microelectronics technologies from lab-to-fab, spur new jobs, expand workforce training opportunities, and invest in the region’s advanced manufacturing and technology sectors.

The Microelectronics Commons program is managed at the federal level by the Office of the Under Secretary of Defense for Research and Engineering and the Naval Surface Warfare Center, Crane Division, and facilitated through the National Security Technology Accelerator (NSTXL), which organizes the execution of the eight regional hubs located across the country. The announcement of the public sector support for the project was made at an event attended by leaders from the DoD and NSTXL during a site visit to meet with NEMC Hub members.

“The installation and operation of these tools at MIT.nano will have a direct impact on the members of the NEMC Hub, the Massachusetts and Northeast regional economy, and national security. This is what the CHIPS and Science Act is all about,” says Ben Linville-Engler, deputy director at the MassTech Collaborative and the interim director of the NEMC Hub. “This is an essential investment by the NEMC Hub to meet the mission of the Microelectronics Commons.”

MIT.nano is a 200,000 square-foot facility located in the heart of the MIT campus with pristine, class-100 cleanrooms capable of accepting these advanced tools. Its open-access model means that MIT.nano’s toolsets and laboratories are available not only to the campus, but also to early-stage R&D by researchers from other academic institutions, nonprofit organizations, government, and companies ranging from Fortune 500 multinationals to local startups. Vladimir Bulović, faculty director of MIT.nano, says he expects the new equipment to come online in early 2025.

“With vital funding for installation from NEMC and after a thorough and productive planning process with Applied Materials, MIT.nano is ready to install this toolset and integrate it into our expansive capabilities that serve over 1,100 researchers from academia, startups, and established companies,” says Bulović, who is also the Fariborz Maseeh Professor of Emerging Technologies in MIT’s Department of Electrical Engineering and Computer Science. “We’re eager to add these powerful new capabilities and excited for the new ideas, collaborations, and innovations that will follow.”

As part of its arrangement with MIT.nano, Applied Materials will join the MIT.nano Consortium, an industry program comprising 12 companies from different industries around the world. With the contributions of the company’s technical staff, Applied Materials will also have the opportunity to engage with MIT’s intellectual centers, including continued membership with the Microsystems Technology Laboratories.