My son was just arrested for using this in his hacking club at high school. Be careful if you have kids with one. According to witnesses in the room, he was showing it to kids in his hacking club and they all thought it was just turning off Apple phones in the classroom. Apparently, it turned off phones including several teachers in adjoining classrooms. Anyways. The police came to the school and arrested him and are threatening him/us with federal crimes. They also executed a search warrant in our house and took all electronics. It's been a little traumatising to say the least.
Sorry to hear about this. You probably shouldn’t post anymore about this for legal reasons.
For other readers, I’d be curious about the jurisdiction.
The specific app that can turn off iPhones requires the “unleashed” firmware I believe.
Also, regarding legality, if you are DoSing cell phones, you are creating a hazard where users are no longer able to contact emergency services, and this is the most likely avenue of charges, as opposed to FCC fines (if in USA) for using locked spectrums.
And so do reinforced concrete walls, they block the signal and thus prevent emergency services from being contacted too. And so many other things. Radio communications are unreliable by default. Someone's prank should not result in criminal charges unless tangible harm has occurred.
Intent, not the act is 99 percent etc etc. Whether or not harm took place does not matter, if it did, the entire basis of our legal system would rely upon only direct evidence of violent acts.
This is why attempted murder, kidnapping, etc is a charge. We do not yet have a charge of "attempted mass personal device disablement". and there is no reasonable case for......"manslaughter" of a device.
Being "realistic"/less analogous; Your mobile device is the most important inanimate object to you in every single category imaginable. And this is the case for most of humanity for some time now.
If someone knowingly removed my access to my personal device maliciously, I would suddenly start caring very much about seeing that person's freedoms taken away.
Edit: after rambling I wanna reiterate my first bit....intent is 99 percent. In this case, it's a kid. The law has context, and I think they should of course be lenient.
Yes, and if the intent was to prevent access to emergency services, then yes that would rightfully be a crime. But if the intent was to pull a stupid prank that would temporarily disable someone's iPhone for 5 minutes, then that should not be a crime, if only done once.
The kid should be told not to do it again. And no law enforcement should have ever been involved in the first place. Otherwise we are teaching those children to distrust authorities, that authorities are unjust and unfair. Thus undermining the rule of law.
All their classmates are also involved and watching the outcome of the situation. Some might end up seeing the "system" as being unfair and are not going to think twice before stealing or committing some other crime, e.g. fraud.
So, in San Fran, people break into cars and steal from stores, and they are not even arrested, but kids who are into electronics are being charged as the biggest criminals. It reminds me of the girl [0] who was into Chemistry and was charged with terrorism.
Their teachers are crazy and so are the police being this overdramatic while the actual crooks are out there free doing their crimes while they're busy arresting kids, crazy!
40+ years ago I did some dumb things in school as well. But in all cases I got punished by my father. Not because I hurt somebody, but because I wasted a lot of people's time who had to deal with consequences from my actions. I didn't respect other people and their time and it was enough for my father to punish me. And he had every right to do so.
When I was a teacher some time ago some kids did some dumb things as well – they "hacked" schools' computers by putting some really sticky putty under keyboard keys. I wasn't allowed to punish these kids by ordering them to clean up after themselves and parents agreed to pay for new keyboards after weeks of "discussions" with lawyers involved.
And on the part of who called the police in the first place. In my experience teachers and school management are just too paranoid/neurotic and will escalate everything so they can't be blamed.
It might be legal for them to call the cops, but it still does not absolve them from moral responsibility for their actions. Including all the distress it would cause the child's family, and the likely ongoing PTSD from the incident.
As someone with two and a half -- yes, and a half -- felonies for computer trespass from when I was in high school, at 17, freshly 17, in 2003...I feel for you. Longer story, obviously. But no one knew how to deal with the situation, so "Something has to be done!"
In the words of Governor William J. Le Petomane, one of Mel Brooks' characters from Blazing Saddles, "We have to keep our phony baloney jobs gentlemen!"
When I was a teenager I would pour Coca-Cola into the school computers after seeing a fellow student get into trouble for similar stuff. Never got caught for that. It's acid and worked especially well against powered up electronic equipment.
I wouldn't be surprised nowadays they would just start a rumor about the teacher's sexual misconduct or grooming of the students, in response, instead. And the accusation could spread and escalate, completely destroying the life of the teacher.
A certain percentage of the population will just make stuff up if they have the opportunity to do so, and "juicy" gossip can spread virally. So if they ask for "witnesses" to come forward, they will. Sex offenders are hated so much in society, they get beaten and abused in prison all the time, so it's essentially torture in the end.
For those of you in FDA regulated devices, my clients started receiving FDA NSE letters for not performing fuzz testing. For example, "Though you have provided penetration testing, it does not appear that you have addressed the other items identified such as static and dynamic code analysis, malformed input (fuzz) testing, or vulnerability scanning. This testing is necessary to assess the effectiveness of the cybersecurity controls implemented and to determine whether the residual risk of your device is acceptable."
That's excellent that they are doing that. Especially for embedded devices because there tend to be lots of homebrew protocols on those, and those are usually easy pickings.
If their penetration testing didn’t perform fuzzing then you may want to look into a new pen test provider. Fuzz testing is default on most pen tests (I do this professionally)
Man this applies to me. I got a bioengineering degree and had to go to the US to find work. I started at $30K in the US and now I'm up to over $350K/yr. Would love to come back to Canada but the horrible experience of applying for over 100 jobs and no interviews was disheartening.
I'm a regulatory consultant and I am currently submitting at least 5-10 510ks/DeNovos per week to FDA for AI/ML devices for a variety of companies. I can't imagine the actual throughput from companies as I am just one person out of many consultants out there. 95% of the software devices I edit and submit are hosting their databases on AWS. Essentially they transfer the DICOM images to AWS and then run their algorithms against the data and then present the indications to the physician. These run the range of CT/MRI/Ultrasound/pathology slides/genomic sequencing. Like I said, most of the databases are on AWS. A few are on Azure and a few European companies are on Orange.
> Essentially they transfer the DICOM images to AWS and then run their algorithms against the data and then present the indications to the physician. These run the range of CT/MRI/Ultrasound/pathology slides/genomic sequencing.
Okay so aside from the physician in question presumably knowing to whom a given set of indications belongs among his patients, how is the data kept anonymized while going through its path from these software devices, to AWS, to algorithmic processing and then to presenting findings to the physician?
And those DeNovos you're submitting, what do most of them relate to? Honestly curious since you describe how you work in this field.
I'm currently working on a required CDC (Center for Disease Control) reporting function for a COVID test. For a second I thought this article was going to be extremely helpful.
The first computer I used professionally was a Control Data Corporation (CDC) 6600. For a second I thought I could use this to transfer some of my old files.
I audit a lot of these Fentanyl API (Active Pharma Ingredient) factories in China. It's noticeable to me when I go through the warehouses as to how much product is going to Mexico. Other segments go to India for legal fill finishing prior to North America, while other small shipments are going to compounding facilities across the US. I always thought FDA might want to relay this information to homeland security, because it's pretty easy for FDA inspectors to sneakily gather information during site inspections. At quite a number of sites I often run into a mix of legal and nefarious activity at these massive API sites.
Is there any way you could point me to more information about these facilities and or the auditing process?
Back in college, I was a fiend for all types of stuff that was presumably made at these facilities. I would purchase stuff from American and Canadian resellers who had labs in China that would synth specific drugs for them. Always wondered what the lab conditions were like, what likelihood I was supporting nefarious business practices, how likely it was that I got harmful byproducts etc.
Auditor checks adherence to particular rules. You can assert nefarious activities at higher level, but it's likely out of job scope to do something about it
I think those are generally good questions but the majority of submissions that FDA CDRH are reviewing are for imaging of ultrasound, MRI, XRAY etc, with a sprinkling of audio AI and maybe some individualized vaccines predictions at CDER.
These questions are generally addressed during the pre-sub for each FDA submission but I agree that the demographic information could be pretty infinite. I'm working on at least 5 of these AI submissions per week.
For example, let's say you have an AI submission for identifying cardiac ultrasound images. FDA will ask for very specific demographic information in the training and performance tests, as well as comorbidities (such as hypertension) for each training image. In addition, they will want at least three physicians to annotate the images. The training dataset is likely to contain at least 100-200K images.
The new draft literally doesn't change anything. It just defines some of the things that FDA has been already asking for in the past 7 years for every device submission.
Just my opinion as someone who has worked on many infusion pumps; that FDA review division is the best at FDA. They probably ask more cybersecurity questions than any other group I've encountered.
> They probably ask more cybersecurity questions than any other group
And therein lies the problem. Ask lots of questions on paper, and you get something that is very secure on paper.
But if you want something actually secure, you need to do pentests, have a substantial bounty program, have the design+code inspected by security reviewers, etc.
That FDA review division does require that information and testing to be supplied with infusion pump testing. In fact, they are one of the few that routinely asks for substantial testing in repeated deficiency requests.
Oh god, I remember this. My mom sent it to her sister who was outraged — frothing at the mouth, practically — that someone could do something so cruel. It was hard to convince her that it was a fake, and then of course she said that such things should be banned.
I also know that she enjoys veal, so as usual, human hypocrisy WRT animal exploitation knows no bounds.
I dunno — torturing a sentient being to death for your own amusement is fucked up no matter how you slice it. A calf is about as smart as a cat, has an emotional life, and cares about its family. Eating meat is not necessary for survival; we do it for convenience or entertainment.
The primary difference between a cat and calf in Western culture is that we view one as a pet, and the other as protein on legs. If you subjected a dog to what a veal calf goes through you’d be hauled into a police station.
That article does a great job of further explaining why the practice is cruel, by also showing how the ducks are left in an albeit not as typically cramped, but nonetheless dank, large shed.
The quote seems to make people think it could be ethical, because the prior treatment is slightly better than average?
One of my favorite (!?) FBI anecdotes is that one of the cartoonists who was syndicated in the original print version of The Onion, managed to have one of his characters make a joke about bombing the WTC get published the same week a bomb went off in the parking garage. Dumbest luck. He got to have a nice chat with some men in black about that one.
I totally understand why they would need to dot some i's and cross some t's on that one but the bonsai kitten thing is just inane.