@junsecurityawesome
More progress pics
Re-upload of the panels because the format messed up and could not expand some images.
W5 - Reflection
This is the last entry for my ‘Something Awesome’, and I believe I’ve learned a lot throughout this process. One thing that helped me to create stronger solutions was to properly analyse the weaknesses of the systems and design a solution to rid that weakness. This was not prevalent in my earlier submissions, but can be seen in this week’s. I also believe that I have been able to convey the flaw through a comic more clearly towards the end.
W5 - Process
W5 - Boeing 737 MAX
“More than 400 pilots have joined a class action against American plane manufacturer Boeing, seeking damages in the millions over what they allege was the company's "unprecedented cover-up" of the "known design flaws" of the latest edition of its top-selling jet, the 737 MAX.”
Boeing launched their 737 MAX series in 2017, following the architecture of popular narrow-body models worldwide. Since its release, two major crashes with this model have taken place – the first in October 2018, with 189 casualties, and the other in March this year, with 157 casualties. Following the later crash, jets of the same model have been grounded, and many lawsuits from families and pilots have arisen. Many pilots also suffered repercussions of the groundings as they have been unable to work for some periods.
The reason for its dangerous behaviour is linked to the change in aerodynamics caused by the large jet engines, and the software used to account for such situations. The large engines made it easy for the plane to pitch up during flight to the point where it may descend rapidly due to aerodynamic stall. New manoeuvring characteristics augmentation system (MCAS) software was introduced to the MAX model, automatically causing the plane to tilt downwards if the angle was reaching a dangerous point.
This was theoretically a safe design; however, the system only relied on two sensors detecting the angle of the plane. Having so few sensors makes it vulnerable to reading the angle incorrectly, so Boeing created a display in the cockpit to alert for incorrect readings; however, this feature was optional and not enforced. An anonymous pilot who was affected by the grounding explained the flaw as: "Boeing's defective design causes the MCAS to activate based on the single input of a failed AOA sensor without cross-checking its data with another properly functioning AOA sensor." The new MCAS software also was not clearly explained to pilots, and this was speculated to have allowed for quicker deployment of planes.
A clear implication of this has been the casualties of hundreds and grief to families and friends of the deceased. It has also caused many planes to be grounded, thus reducing the number of flights and pausing the jobs of many airline staff such as pilots and stewards. This comes with loss of income and stress. Boeing’s reputation has also suffered greatly.
There are several solutions that I could see being beneficial in this case:
An update to software and hardware with additional sensors could be implemented to greatly reduce the odds of misreadings, thus stopping the function from tilting the plane when not required.
Pilots could be trained and informed of this new software as it would be extremely confusing and difficult to resolve if there was a sudden unexpected tilt in the trajectory.
The optional display of incorrect readings should also be made mandatory upon being manufactured.
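The missing cross-check from the pilot's quote, together with the mandatory alert suggested above, can be sketched as follows. This is an added example, not Boeing's code: the function names, alert strings and every numeric limit are assumptions chosen for illustration.

```python
from statistics import median

# All numeric limits below are assumed values for illustration only.
GUARD_DEG = 14.0             # angle above which nose-down trim is requested
MAX_DISAGREE_DEG = 5.0       # largest difference still counted as agreement
PLAUSIBLE = (-30.0, 40.0)    # readings outside this range count as failed


def single_sensor_decision(aoa):
    """The flawed pattern from the quote: act on one sensor, no cross-check."""
    return "nose_down" if aoa >= GUARD_DEG else "none"


def cross_checked_decision(readings):
    """Return (action, alert) for one control cycle.

    Nose-down is commanded only when at least two plausible sensors agree;
    any doubt inhibits the automatic action and raises a crew alert.
    """
    good = [r for r in readings
            if r is not None and PLAUSIBLE[0] <= r <= PLAUSIBLE[1]]
    if len(good) < 2:
        return "inhibit", "AOA DATA INSUFFICIENT"
    if len(good) == 2:
        if abs(good[0] - good[1]) > MAX_DISAGREE_DEG:
            return "inhibit", "AOA DISAGREE"
        agreeing = good
    else:
        # With three or more sensors, vote out readings far from the median.
        mid = median(good)
        agreeing = [r for r in good if abs(r - mid) <= MAX_DISAGREE_DEG]
        if len(agreeing) < 2:
            return "inhibit", "AOA DISAGREE"
    value = sum(agreeing) / len(agreeing)
    # Any sensor that was dropped is reported even when the vote succeeds.
    alert = "AOA SENSOR FAULT" if len(agreeing) < len(readings) else None
    return ("nose_down" if value >= GUARD_DEG else "none"), alert
```

With a third sensor the faulty reading is outvoted and flagged; with only two, disagreement can be detected but not resolved, so the safe choice is to inhibit the automatic action.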
https://www.abc.net.au/news/2019-06-23/over-400-pilots-join-lawsuit-against-boeing-over-737-max/11238282
https://en.wikipedia.org/wiki/Boeing_737_MAX
https://www.abc.net.au/news/2019-03-22/boeing-plans-to-reverse-optional-safety-feature-on-737-max-fleet/10928066
W4 - Reflection
This week’s article was relevant to many of the topics which have been covered throughout this term such as social engineering and multi factor verification. I’m getting more comfortable performing these case studies and coming up with solutions faster than when I had first begun.
W4 - Process
W4 - AI Voice Phishing
“The attacking software learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the CEO. It was also reported that today there are programs that, after listening to 20 minutes to a particular voice, can speak everything that the user types in that learned voice.”
Attackers now employ AI to assist with more convincing voice phishing. A non-technical description of its operation can be seen in the quote above. Occurrences have been reported to the Israel National Cyber Directorate (INCD) with cases where computers have impersonated executive employees and then called and instructed other employees to perform tasks detrimental to the company such as money transfers.
This poses many risks to the company, potentially causing bankruptcy, the loss of jobs, and as a result stress and damage to mental well-being.
There are several solutions I would employ to minimise the success of such operations:
Company staff can be trained to perceive unusual behaviour and requests to reduce the chance of being deceived.
A separate medium of communication can be used when communicating business-related information, or additional verification such as a password could be included.
The source of the call can be tracked and the receiver provided with an alert if a suspicious location is detected.
Requests can be verified after being received with other sources within the company before being performed.
A Korean company has also created their own AI to combat AI voice phishers by analysing key words, phrases, and speech patterns which are often seen in phishing calls. If suspicious activity is noted, the receiver is provided with an alert such that the call often ends before any actions have been made.
https://www.cshub.com/attacks/articles/ai-could-escalate-new-type-of-voice-phishing-cyber-attacks
http://www.koreaherald.com/view.php?ud=2019031700011
W3 - Recap
Workload is starting to ramp up with midsems and assessments coming up. I don’t think this has affected my comic too much, but I’m still having difficulty expressing the issues without context. I will try to find an article which is better suited next time, as I believe the subject’s foreign nature and its indirect implication to myself have made it difficult to analyse the risks.
W3 - Fengcai App
China’s Xinjiang houses many concentration camps detaining people with differing beliefs, in particular, Muslims. These are known as ‘re-education camps’, and a protocol has recently been introduced to install the Fengcai App on the unlocked phones of all travellers who enter via Central Asia as a condition of entry. This app gathers the device’s contacts, text messages, and media files, uploading them to a remote server. It then compares the media files to a list of over 73000 items primarily relating to Islam and extremism. This ranges from audio and images of the Quran to blueprints for homemade weapons. The app is thought to remain dormant and inactive after the initial upload.
This could have detrimental effects on surrounding areas, instilling a fear of surveillance and persecution for faith. It is reminiscent of North Korea and fictional dystopic societies which all have low standards of living. Those operating the app also have access to immense amounts of personal information from the download, which could be used for fraudulent activities if they are corrupt or if it is lost to an attacker. This is also an opportunity to install other dangerous applications to spy on or attack travellers.
There are not many practical solutions which could be enforced due to the remote location, though it could be brought up as a concern to the UN to abolish this protocol.
https://www.independent.co.uk/news/world/asia/china-surveillance-app-xinjiang-uighur-muslim-camps-security-a8985566.html
W3 - Progress
I think this comic is a bit more straightforward..? Added colours to further differentiate characters.
W2 - Reflection
I found it especially difficult to create a storyboard this week as I couldn’t see how many of the effects of the GPS rollover would be shown clearly in a few panels. To account for this, I emphasised the effect (the world blowing up), though I don’t think it was conveyed clearly, especially without the context of the article.
W2 - Progress
I tried to cut down the comic too much and it was too difficult to follow in the first iteration so I added another panel and spread the elements more evenly.
W2 - GPS Rollover
Since being introduced, GPS systems have had an error similar to the Y2K problem. Their system clocks require a hard reset every 1024 weeks due to the GPS time message being stored within a 10-bit field. This occurred in 1999, 1024 weeks after the first GPS satellite was launched, and also this year on April 6th. Devices which did not adapt often faced detrimental effects.
Some consequences of this implementation can be seen in New York, where their private wireless network (NYCWiN) relied on this technology, but showed negligence in accounting for the change this year. This resulted in system failures as there would be miscommunication between GPS satellites and receivers, thus causing disruptions throughout the city, ranging from errors in traffic lights to malfunctions in license plate readers. These can be the catalysts to other impacts such as car crashes and congestion caused by the faulty traffic lights and possibly even coordinated crimes on these dates as there would be a lot of miscommunication.
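The 10-bit wrap and one common receiver-side fix can be worked through in code. This is an added example, not taken from the linked articles: the function names are hypothetical, the GPS epoch of 6 January 1980 and the firmware-build-date lower bound are assumptions of the sketch, and dates are in the GPS time scale (the leap-second offset to UTC is ignored).

```python
from datetime import datetime, timedelta

GPS_EPOCH = datetime(1980, 1, 6)   # start of GPS week 0 (GPS time scale)
WEEK_MOD = 1 << 10                 # a 10-bit field wraps every 1024 weeks


def broadcast_week(when):
    """10-bit week number that would be broadcast at `when`."""
    return ((when - GPS_EPOCH).days // 7) % WEEK_MOD


def naive_date(wn10, seconds_of_week=0):
    """Failure mode: decode as if the field had never wrapped."""
    return GPS_EPOCH + timedelta(weeks=wn10, seconds=seconds_of_week)


def resolved_date(wn10, not_before, seconds_of_week=0):
    """Choose the 1024-week era that places the date at or after
    `not_before`, a trusted lower bound such as the firmware build date."""
    if not 0 <= wn10 < WEEK_MOD:
        raise ValueError("week number must fit in 10 bits")
    floor_week = (not_before - GPS_EPOCH).days // 7
    full_week = (floor_week // WEEK_MOD) * WEEK_MOD + wn10
    if full_week < floor_week:     # the field has wrapped since the bound
        full_week += WEEK_MOD
    return GPS_EPOCH + timedelta(weeks=full_week, seconds=seconds_of_week)


if __name__ == "__main__":
    # Constructed sample: the week field just before and after the 2019 wrap.
    before, after = datetime(2019, 4, 6), datetime(2019, 4, 7)
    print(broadcast_week(before), broadcast_week(after))
    print(naive_date(broadcast_week(after)))
    print(resolved_date(broadcast_week(after), datetime(2015, 1, 1)))
```

The lower bound only disambiguates for 1024 weeks after it, so a device whose reference date is never updated fails at a later rollover instead.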
Some effective solutions could include:
Enforcing mandatory updates on council and large-scale devices which rely on GPS technology.
Creating newer GPS technologies with a larger bit field to store the time such that rollover happens less frequently.
Creating notifications on devices or in the media as the date approaches to inform the public.
https://www.cyber.gov.au/news/gps-rollover
https://www.nytimes.com/2019/04/10/nyregion/nyc-gps-wireless.html
W1 - Progress
The first iteration provided background to the jailbreak - a failed verbal discussion, though I had found it to be a bit too convoluted and reduced the panels and content.
W1 - Reflection
There were more complications in this task than I anticipated:
Finding interesting articles is difficult - many websites required paid subscriptions, and in particular, articles relating to hackers and breaches almost always lacked information on the process of the hack.
Creating a relevant comic panel was also difficult in regards to coming up with a concept, and also the process took longer than anticipated.
To account for these, I will write about a more general security-related case if a privacy-related one cannot be found, and simplify the drawings.
W1 - US Prisons Banning Books Which Teach Inmates Coding
“The Oregon Department of Corrections [DOC] has barred inmates from reading dozens of books about technology and programming — many of which teach basic skills for many entry-level jobs.”
There have been over 1600 books banned by the Oregon Department of Corrections which cover topics such as sexual content, criminal activity, escape, and more recently technology. Examples of the latter can be seen in the image below, with ‘Code’ being cited as a violation.
The justification for the bans was to lessen prisoners’ ability to utilise computers, as they are often accessible during their sentence and may pose a ‘potential threat’.
I find many flaws with the above decision and am almost entirely against it. I don’t believe that learning to code with especially the books in the above image, written for beginners, would contain much if any information on hacking a system. They include the fundamentals of coding languages to help the reader become familiar with the process, and potentially assist in their employment after they are let back into society. Regardless of if these books are banned, this solution would not address inmates who have prior knowledge of hacking, and other solutions should be implemented regarding the computers’ contents or usage protocol.
More effective solutions include:
Random inspections of computer activity without the inmates’ knowledge. Due to the unpredictable occurrence of checks, inmates would not be able to prepare for checks and thus it would be more difficult to plan something suspicious. This could detect suspicious activity early while also allowing inmates to gain the knowledge to assimilate into the workforce.
Banning only hacking-related books as beginner books should not be deemed as a threat.
Monitoring keystrokes for suspicious key words or combinations. This requires less man power and thus less money, while also detecting suspicious activity almost instantly. It would require a list of key words/combinations to be gathered first which could make this entire process unreliable if done poorly.