Dave Buettner
You're listening to the Cyberwire Network, powered by N2K.
Anna Pobletz
Quick question. Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so. So my next question is, how do you keep your company's data safe when it's sitting on all those unmanaged apps and devices? 1Password has an answer to this: Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch. And it's now available to companies with Okta and Microsoft Entra and in beta for Google Workspace customers. Check it out at 1Password.com/cyberwire. That's 1Password.com/cyberwire.
A critical zero day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over 300,000. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its router manager software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletz, head of passwordless at 1Password, discussing the state of passkeys. And robot rats join the mischief.
It's Monday, December 9, 2024. I'm Dave Buettner and this is your Cyberwire Intel Briefing.
Happy Monday and thank you for joining us once again. It is great as always to have you here with us.
Japanese device maker IO Data confirmed the exploitation of critical zero-day vulnerabilities in its routers, with full patches delayed until mid-December. The flaws include risks of disabling firewalls, executing arbitrary commands, and exposing sensitive information. The three vulnerabilities allow attackers to steal authentication data, execute commands as an admin, or modify device settings remotely. While a firmware update addresses one of the issues, fixes for the other flaws are pending. The zero days, reported by Japanese researchers and coordinated through a national cybersecurity partnership, remain under wraps. IO Data urged caution, highlighting ongoing exploitation of these vulnerabilities in the wild. Users are advised to apply available updates promptly.
Romania's Constitutional Court annulled the first round of its 2024 presidential election, narrowly won by far-right candidate Calin Georgescu, citing concerns over Russian interference and election irregularities. This unprecedented decision cancels a scheduled runoff and mandates restarting the election process to ensure legality and fairness under their constitution. Georgescu, boosted by alleged TikTok manipulation and cyber attacks traced to a state-level actor, led with 22.9% of the vote, ahead of centrist Elena Lasconi's 19.2%. The campaign faced over 85,000 cyberattacks on election systems, prompting warnings from the US about Romania's pro-Western stability. Public protests erupted in Bucharest, with large pro-Europe demonstrations opposing Georgescu's ultranationalist stance. Georgescu's rise, fueled by economic frustrations and anti-Ukraine rhetoric, contrasts with Lasconi's pro-Western agenda, deepening tensions in this contentious election.
Researchers at Cado Security Labs have uncovered a sophisticated malware campaign targeting macOS users, active for over 4 months. Disguised as a video meeting app, the malware steals sensitive data from macOS Keychain, Chromium-based browsers, Telegram and cryptocurrency wallets. Hackers use AI-generated websites, fake social media accounts and cloned Telegram contacts to build trust and lure victims. Victims report phishing attempts linked to blockchain and cryptocurrency work. The malware also exploits browser session cookies, bypassing two-factor authentication. Despite offering cross-platform downloads, the campaign only delivers macOS malware, prompting users for passwords under false error messages. Experts say users should stay vigilant against unsolicited business offers, especially on Telegram.
Mandiant uncovered a method to bypass browser isolation using QR codes for command and control operations. Browser isolation safeguards local systems by executing web scripts remotely and streaming only visuals back to users. Mandiant's technique embeds commands in QR codes displayed on web pages, which isolation mechanisms do not filter. Infected devices decode these commands for malicious use. Though limited by low data transfer rates and latency, the method demonstrates vulnerabilities in current defenses, emphasizing the need for layered security strategies.
Belgian and Dutch authorities arrested eight individuals linked to a fraud scheme involving phishing, online scams and money laundering. The operation, active since 2022, used phishing emails, texts and in-person impersonations to steal banking credentials. Targeting older victims across 10 European countries, law enforcement conducted 17 searches, seizing luxury goods, cash and a firearm. The suspects operated call centers in high-end locations and spent the stolen millions on lavish lifestyles. Arrests included four in Belgium and four in the Netherlands, with investigations ongoing.
Medical device company Artivion disclosed a ransomware attack that disrupted order and shipping processes by forcing some systems offline. The Atlanta-based firm, which markets cardiac and vascular products to over 100 countries, identified the attack on November 21. Files were encrypted and exfiltrated, prompting containment and remediation efforts. While Artivion continues operations with mitigated disruptions, it expects some uninsured expenses. The company stated the attack hasn't materially impacted finances but acknowledged potential risks if restoration delays persist. No threat actor has claimed responsibility.
Anna Jaques Hospital, a community hospital in Massachusetts, confirmed a ransomware attack on December 5th of 2023, exposing sensitive data for over 310,000 patients. Threat actors from the Money Message group leaked stolen data, including personal, medical and financial information, after failed extortion attempts. The hospital's lengthy forensic investigation concluded on November 5th of this year. While no fraud has been detected, impacted individuals are being offered identity protection and credit monitoring.
The Termite ransomware gang has claimed responsibility for the November attack on software-as-a-service provider Blue Yonder, disrupting services for high-profile clients like Starbucks, Sainsbury's and Morrisons. Blue Yonder, a Panasonic subsidiary specializing in supply chain software, serves over 3,000 customers worldwide, including Microsoft, DHL and Procter and Gamble. The attack caused outages across Blue Yonder's managed services, impacting Starbucks scheduling systems and causing shipping delays for companies like BIC. Termite claims to have stolen 680 gigabytes of data, including databases, emails, documents and reports. The gang uses a Babuk-based encryptor and has listed Blue Yonder and other victims on its dark web portal. Blue Yonder has restored services for some customers and is working with cybersecurity experts to help mitigate the breach, but it has not confirmed the extent of the data compromise.
Synology has patched multiple moderate-severity vulnerabilities in its router manager software. The flaws involve cross-site scripting vulnerabilities across features like File Station, Wi-Fi Connect and DDNS Record. Exploitation requires authenticated, often administrator-level access and could allow attackers to inject malicious web scripts, steal data or manipulate sessions. Synology urges users to update to the latest version to mitigate risks.
Air Force Gen. Timothy D. Haugh, commander of U.S. Cyber Command and director of the NSA, emphasized the need to enhance intelligence distribution. Speaking at the Reagan Defense Forum yesterday, General Haugh said the US excels at collecting and analyzing intelligence, but timely and effective delivery to decision makers remains a challenge. He highlighted the Chinese-led Salt Typhoon hack, which targeted companies and political figures as part of China's broader cyber strategy. He stressed the importance of educating allies and strengthening partnerships with industry to protect critical infrastructure. Haugh noted progress in cooperation between the NSA, CISA, FBI and private sector partners, but called for faster, more effective collaboration. Initiatives like the Enduring Security Framework aim to bolster telecommunications infrastructure defenses. As a combat support agency, the NSA ensures military commanders, particularly those in active threat zones like the Red Sea, receive actionable intelligence. Additionally, the NSA supports US European Command in delivering unified signals intelligence for military and policy decisions.
Coming up after the break, Anna Pobletz from 1Password joins me to discuss the state of passkeys. And robot rats join the mischief.
Sponsor Voice
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show.
Identity architects and engineers: modernize your identity systems with Strata. Integrate legacy apps with any IdP, ensure seamless identity failover, and apply MFA without touching app code. Strata offers robust, efficient identity management, reducing tech debt and enhancing security. Gain peace of mind and operational efficiency with Strata's comprehensive solutions. Visit strata.io, share your biggest identity challenge and enjoy free AirPods Pro. Optimize your identity solutions today. Visit strata.io/cyberwire. And our thanks to Strata for being a longtime friend and supporter of this podcast.
Anna Pobletz
Anna Pobletz is head of passwordless at 1Password. I recently caught up with her to discuss the state of passkeys and what she sees on the road to a truly passwordless future.
Dave Buettner
So passkeys are a new way to log into websites and applications that is fully passwordless, so there are no passwords in the mix, and the goal here is really, from my perspective, to remove the human error from logging into apps and websites by giving you a really easy, frictionless login experience where all of the security is just built straight into the technology. The goal is to solve what I think is the biggest problem with passwords, which is that they put all of the burden on users to be secure. Right. You have to think up a password, remember it, not type it into a phishing site, all of these things. Whereas with passkeys, that's automatic. So from a user perspective, it really just looks and feels like you're unlocking your device, something like Face ID, Touch ID, Windows Hello. And you're getting all of these really great security benefits behind the scenes. So obviously a big step up from passwords, right? That's kind of the goal here.
Anna Pobletz
Yeah, absolutely. And I think it succeeds in those sorts of things that it set out to do. What are you all tracking in terms of an adoption rate?
Dave Buettner
Yeah, this just the last year, like 2024, has been really huge for passkey adoption. There's been a lot of momentum. We have. One of the things we track is sites that have implemented passkeys. So we have a site called Passkey Directory. It has actually more than doubled in size this year. We're at over 200 websites that support passkeys, which is incredible. And a lot of them are really big consumer brands. Things like Amazon, Discord, Target, Walmart, Canva. These brands reach millions and millions of people every single day, which is so cool. And I think what's most exciting to me when I look at the data that we've collected and the data from other folks, is that it's not just that these websites are adding support for passkeys and then maybe shoving that functionality in a corner somewhere for just the really techie people to find. Like, people are actually choosing passkeys over passwords. So Amazon reported that over 175 million people have enabled passkeys. And then at 1Password, we're tracking over 2.1 million passkey authentications per month. And I think this is really showing that when the technology is available to them, people are using it and they like the experience and they're actively choosing it over passwords. That's the thing that I think I'm most excited to see in this past year.
Anna Pobletz
What are some of the lingering barriers, if you will, when it comes to people adopting passkeys?
Dave Buettner
Yeah, I think if you had asked me a few years ago, I probably would say that there's a lot. There's a lot of education to do, a lot of exposure. And I think there still is that for sure, and we need to continue to do it. I probably also would have said there's a lot of technical barriers, like not every platform supports passkeys yet. But I think at this point that's not really the case anymore. And it's really about continuing the education and exposure that we're already working on and continuing the technical improvements that we're working on to make it more accessible and easier. But it's a lot of continuing the same things we've been doing. So if you think about, like, the education side of things, passwords are really ingrained in our online experiences, and we need to get people a little just more comfortable and confident using a new technology. So educating them on the benefits is really huge. And I found that once people use a passkey for the first time, they really love it. But there are still a lot of people who just haven't had that experience and haven't had that aha moment. And so it's about getting them to that. And then on the technical side, you know, passkeys are supported on every modern platform now, which is amazing. And so it's really about small tweaks that we're making to the technical specifications to make it more user friendly, to make it easier for developers and businesses to implement passkeys in their websites, and just things that will continue to evolve over time as we learn from the companies that are adopting. One thing that I've been thinking about is, you know, how can we really make the rate of adoption faster, like maybe even exponential, right? Like if we're kind of doing these things that are getting us a lot of progress right now, could we speed it up?
And so one thing I've been thinking about is how can we maybe push adoption as far down the tech stack as possible, like the platforms or the infrastructure and the like auth libraries and frameworks that people are using those support passkeys by default instead of passwords and password hashing. That could go a really long way for every new app just out of the box uses passkeys.
Anna Pobletz
You know, my own experience with passkeys, I admit, has been a little mixed. I was enthusiastic at the start, you know, to see this new way of approaching security and, you know, read up on the stuff going on behind the scenes and how it worked. And I'm all in on the notion that this is a better way for most people. I do use a passkey on one of my major accounts, but that's it. And I have to say I'm left scratching my head a little bit as to why I haven't adopted it in more places. I think maybe because it does require some effort and kind of checking in with the things that I use day to day to see if they are passkey capable. Is the story I'm telling one that you've heard before? Am I in a common situation?
Dave Buettner
Yeah, I think that's a totally natural way to feel. Right. Like if a website supports passkeys, but they're not making that functionality available to you in a way that fits with the workflow that you're trying to accomplish when you go to that website, it's going to be really hard for you to make the effort to go sign into a website just to go to your profile page and add a passkey. Right. Like, that's a pretty strong choice that you're making to go do that. And so a lot of the research that's been done by the FIDO Alliance and other companies as well is around, like, when and how do we prompt users to upgrade to passkeys, or there's even some work coming probably next year around how can websites automatically make passkeys for users and upgrade them automatically? And so I think there's a lot of things like that, both on the UX research side and on the technical improvements, that can help take the user out of that process a little bit or make it really seamless. So an obvious example is password reset. If you just forgot your password and you had to go do a reset, that is a perfect time to say, would you like to upgrade to a passkey? Right. Because you just had to deal with the pain. Right? Yeah. And so that makes sense. But if you're in the middle of trying to purchase something on a website, you're probably like, why are you asking me to do this?
Anna Pobletz
Right.
Dave Buettner
And so the timing, I think, really, really matters. And it's really important.
Anna Pobletz
Now, as someone who works at an organization that provides a password manager, does this put the company's future in peril?
Dave Buettner
Yeah, we get that question a lot. And I actually think it's the opposite. Because one of the challenges with passkeys is that they are typically, at least in the past, pre, you know, iCloud and 1Password and things like that, they were bound to a specific device, and that was a big part of what passkeys were. But with, you know, whether it's your iCloud or your 1Password, the whole point of 1Password is that you can sync all of your credentials, whether that's passwords, passkeys, credit card information, documents, OTP codes. You can sync that really seamlessly across any platform, anywhere you need access to those credentials. And that's really hard with passkeys. So I actually think there's an even better case for using something like a password manager or a credential manager. In this type of world where you have all different types of credentials you need to manage, it actually kind of becomes more necessary and more beneficial in that case.
Anna Pobletz
All right, well, before we wrap up here, I mean, what is your advice for those who are passkey curious? You know, maybe have, similar to me, dipped their toes in a little while back, but haven't revisited it in a while. Is this a good time to re-explore where we stand?
Dave Buettner
Yeah, I think so much has changed in the last year. I think passkeys for me are really about giving people confidence and peace of mind in their security online. And I think they are the future. I think they're a huge win over passwords from both a security and a usability perspective. And I would really encourage anyone if you either haven't signed up with a passkey on a website or you have, but it's been a really long time to go give it a shot, like whether you're a 1Password user or not, your passkeys are so much better. And I really think once you have that experience, you won't want to go back. And, you know, if you work for a business, if you're a developer or something like that, like, you should really be thinking about how can this, how can passkeys be a differentiator for my business, how can they be better for my users, better security for my business, all that kind of thing. I think there's really something there and I would encourage people to spend some time with it. I think a lot has changed in the last year.
Anna Pobletz
That's Anna Pobletz, head of passwordless at 1Password.
And finally, in a plot twist straight out of Ratatouille, the robot edition, researchers from the Beijing Institute of Technology and the Technical University of Munich have crafted a robot rat so socially savvy, it's fooling actual rats into thinking it's one of them. Published in Nature Machine Intelligence, the team used AI and reinforcement learning to teach the robo rodent the fine art of rat communication, whether that's friendly nuzzling or laying down the law in a cage scuffle. The robot doesn't look entirely rat-like. It's more a rat on wheels, but evidently it's got the moves. With a flexible spine, nimble head, and functioning forelimbs, it mimics rat behavior well enough to trigger emotional responses from its furry peers: fear during anger or playful wrestling during happier times. Scientists envision these rodent doppelgangers as tools to study social behavior and emotional states in real rats. The robot rat fools real rats into trusting it. Meanwhile, AI fools humans into thinking their chat history is private.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpie is our publisher, and I'm Dave Buettner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: "Router Security in Jeopardy" – December 9, 2024
Host: Dave Buettner | Produced by N2K Networks
On December 9, 2024, the CyberWire Daily episode titled "Router Security in Jeopardy" delves into a spectrum of pressing cybersecurity issues, ranging from critical vulnerabilities in consumer devices to sophisticated malware campaigns and significant ransomware attacks. The episode also features an insightful interview with Anna Pobletz, Head of Passwordless at 1Password, discussing the evolution of passkeys and the future of passwordless security. This comprehensive summary captures the essence of the episode, highlighting key discussions, expert insights, and notable quotes.
At the outset, Dave Buettner reports a critical zero-day discovered in routers manufactured by Japanese company IO Data. These vulnerabilities pose severe risks, including the ability to disable firewalls, execute arbitrary commands, and expose sensitive information.
Notable Quote:
"Users are advised to apply available updates promptly." – IO Data Representative [00:30]
Romania's Constitutional Court has annulled the first round of its 2024 presidential election due to concerns over Russian interference and election irregularities.
Notable Quote:
"This unprecedented decision cancels a scheduled runoff and mandates restarting the election process to ensure legality and fairness under their constitution." – Dave Buettner [03:15]
Researchers at Cado Security Labs have identified a sophisticated malware campaign targeting macOS users, disguised as a video meeting application.
Notable Quote:
"Victims report phishing attempts linked to blockchain and cryptocurrency work." – Dave Buettner [05:00]
Mandiant has uncovered a novel method to bypass browser isolation by embedding commands within QR codes on web pages.
Notable Quote:
"This method demonstrates vulnerabilities in current defenses, emphasizing the need for layered security strategies." – Dave Buettner [06:45]
Authorities in Belgium and the Netherlands have arrested eight individuals linked to extensive online fraud operations involving phishing, scams, and money laundering.
Notable Quote:
"The suspects operated call centers in high-end locations and spent the stolen millions on lavish lifestyles." – Dave Buettner [08:20]
Artivion Attack:
Anna Jaques Hospital Attack:
Notable Quote:
"The attack hasn't materially impacted finances but acknowledged potential risks if restoration delays persist." – Artivion Representative [10:10]
The Termite ransomware gang has claimed responsibility for a significant attack on Blue Yonder, a Panasonic subsidiary specializing in supply chain software.
Notable Quote:
"The gang uses a Babuk-based encryptor and has listed Blue Yonder and other victims on its dark web portal." – Dave Buettner [11:05]
Synology has released patches addressing several moderate-severity vulnerabilities in its router manager software.
Notable Quote:
"Synology urges users to update to the latest version to mitigate risks." – Dave Buettner [11:50]
Air Force General Timothy D. Haugh, Commander of U.S. Cyber Command and Director of the NSA, addressed the challenges in intelligence distribution at the Reagan Defense Forum.
Notable Quote:
"The US excels at collecting and analyzing intelligence, but timely and effective delivery to decision makers remains a challenge." – Gen. Timothy D. Haugh [12:30]
In a featured segment, Anna Pobletz from 1Password discusses the current state and future trajectory of passkeys in achieving a passwordless world.
Notable Quotes:
"Passkeys are a new way to log into websites and applications that is fully passwordless." – Dave Buettner [15:02]
"People are actually choosing passkeys over passwords... it's really showing that when the technology is available to them, people are using it and they like the experience." – Dave Buettner [16:11]
Notable Quotes:
"Passwords are really ingrained in our online experiences... we need to get people a little just more comfortable and confident using a new technology." – Anna Pobletz [17:40]
"Passkeys are so much better. And I really think once you have that experience, you won't want to go back." – Dave Buettner [23:31]
Contrary to concerns, the shift to passkeys enhances the relevance of password managers by enabling synchronization and management of multiple credential types across platforms.
Notable Quote:
"With the whole point of 1Password is that you can sync all of your credentials... it actually kind of becomes more necessary and more beneficial." – Dave Buettner [22:19]
In a fascinating twist, researchers from the Beijing Institute of Technology and the Technical University of Munich have developed a robot rat capable of mimicking real rat behavior convincingly enough to interact socially with actual rats.
Notable Quote:
"The robot doesn't look entirely rat-like... it's more a rat on wheels, but evidently it's got the moves." – Dave Buettner [24:26]
The "Router Security in Jeopardy" episode of CyberWire Daily encapsulates a broad spectrum of cybersecurity challenges and advancements. From critical vulnerabilities in everyday devices to the transformative potential of passkeys in achieving a passwordless future, the episode provides listeners with a thorough understanding of the current cybersecurity landscape. Additionally, the innovative research on robot rats underscores the ever-evolving intersection of AI and biology. As cyber threats become increasingly sophisticated, the insights and discussions presented by industry experts like Anna Pobletz are invaluable for staying ahead in the dynamic world of cybersecurity.