Destaque

Na Alemanha, um bug no Sistema de Controlo de Tráfego Aéreo levou ao cancelamento de inúmeros voos no Aeroporto de Frankfurt. Não é a primeira vez que o Sistema de Controlo de Tráfego Aéreo alemão sofre problemas técnicos, desta vez, o Aeroporto de Frankfurt foi afetado por uma inesperada interrupção. A operadora do maior aeroporto alemão, Fraport, reportou o problema, informando de imediato que haveriam interrupções em todo o espaço aéreo europeu e, portanto, atrasos nas operações e cancelamentos de voos isolados. A investigação ao problema técnico revelou que o mesmo estaria relacionado com uma falha de software, durante a instalação de uma atualização no Sistema de Controlo de Langen. Ainda que o problema tenha sido resolvido logo da parte da manhã, horário local, todos os passageiros foram instruídos que seria expectável a ocorrência de atrasos e cancelamentos durante o resto do dia, antes que as operações voltassem à normalidade. O Centro de Controlo de Langen é responsável pelo espaço aéreo inferior nas regiões centrais da Alemanha, incluindo alguns dos aeroportos mais movimentados do país, como Düsseldorf, Colónia e Frankfurt. O artigo original via Simple Flying pode ser lido em: https://simpleflying.com/german-atc-issue-flight-delay/

Baraa Habab is the name of a young Syrian who recently discovered security flaws in Facebook, but his concerns were ignored by the US company. To draw attention to these problems, Baraa hacked the account of one of Facebook's founders, prompting them to thank him and offer him a job. The 25-year-old from Damascus was forced to leave his university, where he was studying Information Engineering, and his home country because of the civil war that has been raging since 2011. Driven by his passion for the world of programming, Baraa's resilience and hard work have been crucial to withstanding all the difficulties he has faced since then. Between 2016 and 2017, he eventually discovered a software bug on Facebook, so he wrote several times to report the problem, in both Arabic and English, but without any feedback. To ensure that his concerns were legitimate, Baraa Habab surprised the Facebook administration itself by accessing several private and public Facebook pages, without knowing the username, email or password associated with the page, and without even contacting the owners of the pages. One of these pages was precisely that of Facebook co-founder Chris Hughes, where the young Syrian wrote on his wall in both English and Arabic: "There is no such thing as 100% protection, there is always a loophole.". And that's how Baraa got Facebook's attention, and was even offered a contract to work in security. With an attachment to Facebook, Baraa ended up discovering another software error later in 2018. An error that would allow the privacy of millions of users to be affected without their knowledge. In addition to helping countless people find solutions to technical problems, as well as many victims of Facebook fraud, Baraa Habab also helps companies in the field of information security and protection, and also plays a role in training and education on the subject of digital extortion. The original article via Middle East Monitor can be read at: https://www.middleeastmonitor.com/20220618-young-syrian-man-discovers-several-facebook-security-loopholes/

As autoridades de cybersegurança dos Estados Unidos da América ordenaram na passada semana que todos os organismos federais corrijam falhas de software exploradas por hackers. Acredita-se que estes estejam ligados a governos estrangeiros. “Estas vulnerabilidades representam um risco inaceitável para a segurança da rede federal”, afirmou Jen Easterly, diretora da Agência de Segurança Cibernética e Infraestrutura dos EUA (CISA), num comunicado. A “diretiva de emergência” da CISA dá às agências cinco dias para atualizar o software vulnerável, ou em último caso, removê-lo por completo das suas redes. Esta não se aplica às redes de computadores do Pentágono, que não estão sob a jurisdição da CISA. As vulnerabilidades em questão encontram-se num tipo de software feito pela VMware, cujos produtos são amplamente utilizados no governo dos EUA. A gigante da tecnologia com sede na Califórnia, emitiu a 6 de abril uma correção para as falhas de software que permitiriam a hackers não só o acesso remoto de arquivos, como instalarem-se na própria rede. Dois dias após o lançamento da correção, os hackers descobriram uma forma alternativa de invadir computadores usando as vulnerabilidades, de acordo com a CISA. Este acontecimento forçou a VMWare a lançar atualizações de software para colmatar estas vulnerabilidades recém-descobertas, e que a CISA ordenou que as agências abordassem. A agência não identificou os hackers ou quais sistemas que tenham servido como. Por norma, os funcionários da CISA recorrem à sua autoridade de emergência para obrigar as agências a resolver falhas graves de software quando espiões ou criminosos podem atacar a sua segurança. Nos últimos 3 anos, esta agência já fez uso dos seus recursos por 10 vezes, inclusive em resposta à chamada “campanha de hackers” SolarWinds, que se acredita ter sido realizada por agentes russos. Este acabou por passar despercebido pelas autoridades americanas durante muito tempo, resultando numa violação de segurança de pelo menos nove agências federais, incluindo aquelas que lidam com segurança nacional, como os departamentos de Segurança Interna e Justiça. O artigo original via CNN International pode ser lido em: https://edition.cnn.com/2022/05/18/politics/software-bug-warning-vmware/index.html

Segundo a Agência Europeia para a Segurança de Aviação (EASA), um problema de software pode levar à perda do controlo do elevador para certos aviões Airbus A350. A diretiva emitida no passado dia 5 de maio pela EASA, avisa os operadores dos aviões Airbus A350-900 e -1000 para alterar o seu AFM (manual de voo do avião) aplicável e a Lista de Equipamentos Mínimos devido a um problema de software que pode levar à perda do controle do elevador.”Foi relatada uma ocorrência na qual os computadores de controlo de voo PRIMary (PRIMs) indicaram que ambos os atuadores do elevador foram considerados defeituosos”. A EASA afirma também que investigações posteriores revelaram que instruções incorretas foram implementadas com a introdução do “padrão PRIM P13“, que faz parte do padrão X13 do Sistema de Controlo e Orientação de Voo (FCGS). Uma vez que a data de vigência para resolução do problema foi imediatamente definida para os dias seguintes, a EASA exigiu ainda que os operadores alterem o seu AFM aplicável, estando sujeito a uma atualizado e revisão temporária. A diretriz da EASA refere, também, que estes deverão “informar todas as tripulações de voo e, a partir de então, operar o avião de acordo”. Os operadores afetados também devem alterar a Lista de Equipamentos Mínimos Mestres do Airbus A350 (MMEL) de acordo. Esta é uma diretiva considerada como uma ação provisória, o que significa que outras ações podem decorrer nos próximos dias. Curiosamente, este não é o primeiro bug de software relacionado com o Airbus A350. Em julho de 2019, alguns modelos do A350-900 apresentavam um problema de aviação, que poderia ser corrigido através de uma atualização de software, ou mesmo desligando e ligando a aeronave pelo menos uma vez a cada 149 horas. A execução dessa ação rudimentar teria evitado “perda parcial ou total de alguns sistemas ou funções de aviação”. O artigo original via Simply Flying pode ser lido em: https://simpleflying.com/a350-software-bug-easa-emergency-directive/

Em Dallas, estado do Texas, nos Estados Unidos da América, a Toyota viu-se obrigada a recolher mais de 400 mil veículos devido a um problema de software que afeta a estabilidade das viaturas. De acordo com um comunicado da empresa, o erro de software leva a que o sistema eletrónico do sistema de controlo de estabilidade do veículo seja desativado inesperadamente. A fabricante japonesa aconselha ainda que os clientes verifiquem as condições dos seus veículos, e que reportem no próprio website, caso surja algum problema. Relativamente ao bug em questão, pode-se ainda ler no comunicado: “Para todos os veículos envolvidos, os revendedores Toyota e Lexus atualizarão o software da Skid Control ECU gratuitamente para os clientes. Os proprietários dos veículos envolvidos serão notificados até meados de junho de 2022”. O artigo original via Big News Network pode ser lido em: https://www.bignewsnetwork.com/news/272487413/toyota-recalls-460000-vehicles-due-to-stability-control-issue

On April 1st, Ford announced that it was recalling almost half a million trucks, as a brake system malfunction caused by a software error was discovered. According to ABC News, the recalled vehicles concern Ford 2021 and 2022 models, which include: Super Duty, Ford Maverick, F-150, Lincoln Navigator and Expedition. Given that the problem detected is directly related to its software, it is simple to resolve and the Ford dealership will apply the appropriate software update. Ford will begin notifying owners of the affected models by post in the coming weeks. Just last week, the US multinational was in a similar situation, where it recalled more than 700,000 vehicles due to a problem related to an oil leak. According to Reuters, the models included the 2020 to 2022 Ford Escape SUV and the 2021 and 2022 Bronco Sport SUV with 1.5 liter engines, in which the oil leak could occur in the engine parts, thus causing a serious risk of fire. The original article via Tech Times can be read at:https://www.techtimes.com/articles/273797/20220401/ford-recalled-400-000-trucks-due-software-bug-affects-brake.htm

Last Sunday, a group of large vessels were prevented from entering the Kiel Canal in Germany, which links the North Sea to the Baltic, due to a software problem - the signal was given by a spokesman for the maritime authority. "We had to stop traffic for safety reasons. Our colleagues have been trying everything to solve the problem as quickly as possible," Detlef Wittmüss, head of the Kiel Canal Waterways and Shipping Authority, told the Kieler Nachrichten newspaper. According to the spokesman, even earlier in the afternoon, smaller ships were able to re-enter the canal at Brunsbüttel, on the North Sea side, and by the end of the day, small vessels were also able to resume their journeys. Normally, Sundays are days when more than 80 ships use the Kiel Canal. In recent days, new software has been installed to control navigation on the artificial waterway, the spokesman added. So far, it has worked flawlessly. The original article via Daily Sabah can be read at:https://www.dailysabah.com/world/europe/software-glitch-causes-traffic-jam-in-germanys-kiel-canal

With rising fuel prices, Tesla Inc's electric cars are proving more attractive than ever, yet one customer has been charged more than half a million dollars for only charging his vehicle at a Tesla Supercharger station. In an article shared by Electrek, a Tesla Model 3 owner in China was charged more than 600,000 US dollars after a small charge at a Tesla Supercharger station, an error that was mainly due to a bug in the software. In addition to this hefty bill, the bug also led to the customer being banned from Supercharging after charging his vehicle for 20 minutes. The US company has already admitted that the problem was indeed due to a software error, and that a fix is already underway. The customer in question had more than 2,000 free charging miles, all of which ended up being used in his last charging session. Since you can only use so much energy in such a short space of time, the problem in question was related to the billing calculation. In this sense, as the payment was not being made and the user was banned, the system ended up accumulating the inactivity fees quite quickly, thus leading to the amount of more than 600 thousand dollars. The original article via Benzinga can be read at: https://www.benzinga.com/tech/22/03/26025054/tesla-owner-billed-600-000-after-visiting-supercharger-due-to-software-bug

British Airways, the British airline, was recently hit by major technical problems, leading to the cancellation of all short-haul flights from Heathrow airport until Saturday. In a statement issued to Insider, British Airways said: "We very much regret that, due to the ongoing technical problems we are facing, we have unfortunately had to cancel all short-haul flights from Heathrow today until midday." The statement also said that the British airline "anticipates further disruptions during the day". The airline also confirmed to Reuters that the problem was not due to a cyber attack. Heathrow Airport also apologized for the situation via its official Twitter account. According to Sky News, the British Airways website and app were down for several hours last Friday, preventing customers from booking flights or checking in online. Nevertheless, British Airways said that long-haul services at Heathrow and all flights at Gatwick and London City Airport should operate as planned. Customers will be able to receive a full refund and can choose to rebook their flights at a later date, according to the airline. One passenger, Ed Hall, told The Press Association that he was stuck on a plane for more than an hour after landing at Heathrow Terminal 5. According to him, this was because the crew couldn't access any IT systems to find out where passengers could disembark from the plane. This systems disruption comes after British Airways itself canceled several flights in and out of London airports last week after Storm Eunice hit the UK. The original article via Insider can be read at:https://www.businessinsider.com/british-airways-cancels-flights-technical-issues-denies-cyber-attack-2022-2

A software bug at Apple has led to Siri, its virtual assistant feature, recording personal interactions with its users without their consent. Last week, Apple acknowledged this very serious problem in its most recent update, iOS 15. According to Apple, the AI-based virtual assistant recorded people's conversations, even though they had refused to do so: "The bug automatically activated the Improve Siri and Dictation setting that gives Apple permission to record, store and review personal conversations with Siri," reported ZDNet. Later, issuing an apology, the US company said it had fixed the bug for "many" users. There are still many unanswered questions: the company's statement does not clarify, for example, how many phones were affected, or even when. "Without transparency, there's no way of knowing who might have their conversations recorded and listened to by Apple employees, despite the user having acted in exactly the way to avoid that scenario," added the online portal The Verge. Technology and AI experts have previously argued in favor of these big tech companies listening to our requests - mainly in order to adjust the flaws in voice-based technology. This is what Amazon's Alexa FAQ says: "The more data we use to train these systems, the better Alexa works, and training Alexa with voice recordings from multiple customers helps ensure that Alexa works well for everyone." In other words, the only way to improve voice-based technology, according to some experts, is to make private interactions listenable. It is estimated that in 2020, more than 60% of Indian users used voice assistants on their smartphones for a multitude of tasks - from listening to music, to setting an alarm, or even asking questions. Florian Schaub, an assistant professor at the University of Michigan who has studied people's perceptions of privacy, argues that people tend to personify their devices, which makes them even more inattentive to these kinds of issues. In this sense, when they ask Alexa or Siri innocuous questions, they are not really thinking deeply about these actions, but when they realize that someone is listening to their conversations, they feel that it is intrusive and a violation of their privacy, and are therefore much more likely to disconnect from these systems. This is an issue that raises a number of concerns not only about users' privacy, but also about the extent to which their data is retained and how it is harnessed and used by these companies. "VAs work on the basis of users' voices - that's their main feature. All the VAs mentioned above are activated by listening to a specific activation keyword. Although some of the policies state that cloud servers do not store data/voice unless the activation word is detected, there is a constant exchange of voice and related data between your cloud servers and the VA device. This turns out to be particularly worrying in cases of false activation, when data can be stored without real knowledge," according to a report by the Internet Freedom Foundation (IFF). The original article via The Swaddle can be read at: https://theswaddle.com/apples-siri-was-accidentally-recording-conversations-without-peoples-consent/