Facebook doesn’t want its hardware like Oculus and Portal to be at the mercy of Google because they rely on its Android operating system. That’s why Facebook has tasked a co-author of Microsoft’s Windows NT named Mark Lucovsky with building the social network an operating system from scratch, according the The Information’s Alex Heath.
“We really want to make sure the next generation has space for us” says Facebook’s VP of hardware Andrew ‘Boz’ Bosworth. “We don’t think we can trust the marketplace or competitors to ensure that’s the case. And so we’re gonna do it ourselves.”
By moving to its own OS, Facebook could have more freedom to bake social interaction — and hopefully privacy — deeper into its devices. It could also prevent a disagreement between Google and Facebook from derailing the roadmaps of Oculus, Portal, or future gadgets. We’ve asked Facebook for more details on its homegrown operating system.
One added bonus of moving to a Facebook-owned operating system? It could make it tougher to force Facebook to spin out some of its acquisitions, especially if Facebook goes with Instagram branding for its future augmented reality glasses.
Facebook has always been sore about not owning an operating system and having to depend on the courtesy of some of its biggest rivals. Those include Apple, who’s CEO Tim Cook has repeatedly thrown jabs at Facebook and its chief Mark Zuckerberg over privacy and data collection. In a previous hedge against the power of the mobile operating systems, Facebook worked on a secret project codenamed Oxygen circa 2013 that would help it distribute Android apps from outside the Google Play store if necessary, Vox’s Kurt Wagner reported.
That said, its last attempt to wrestle more control of mobile away from the OS giants in 2013 went down in flames. The Facebook phone, built with HTC hardware, ran a forked version of Android and the Facebook Home user interface. But drowning the experience in friends’ photos and Messenger chat bubbles proved wildly unpopular and both the HTC First and Facebook Home were shelved.
Now Facebook is hoping to learn from past mistakes as it ramps up its hardware efforts with a new office for the team in Burlingame, 15 miles north of the company’s headquarters. The 70,000-square-foot space is designed to house roughly 4,000 employees.
Interested in potentially controlling more of the hardware stack, Facebook held acquisition talks with $4.5 billion market cap semiconductor company Cirrus Logic, which makes audio chips for Apple and more, The Information reports. That deal never happened, and it’s unclear how far the talks went given tech giants constantly keep their M&A teams open to discussions. But it shows how serious Facebook is taking hardware, even if Portal and Oculus sales have been slow to date.
That could start to change next year, though, as flagship virtual reality experiences hit the market. I got a press preview of the upcoming Medal Of Honor first-person shooter that will launch on the Oculus Quest in 2020. An hour of playing the World War 2 game flew by, and it was one of the first VR games that felt like you could enjoy it week after week rather than being just a tech demo. Medal Of Honor could prove to be the killer app that convinces gamers they have to get a Quest.
Facebook has also been working on hardware experiences for the enterprise. Facebook Workplace video calls can now run on Portal, with its smart camera auto-zooming to keep everyone in the board room in frame or focus on the action. The Information reports Facebook is also prototyping a VR videoconferencing system that Boz has been testing with his team.
The hardware initiatives meanwhile feed back into Facebook’s core ad business. It’s now using some data about what people do on their Oculus or Portal to target them with ads. From playing certain games to accessing kid-focused experiences to virtually teleporting to vacation destinations, there’s plenty of lucrative data for Facebook to potentially mine.
Facebook even wants to know what’s on our mind before we act on it. The Information reports that Facebook’s brain-computer interface hardware for controlling interfaces by employing sensors to recognize a word a user is thinking has been shrunk down. It’s gone from the size of a refridgerator to something hand-held but still far from ready for integration into a phone.
Selling Oculus headsets, Portal screens, and mind-readers might never generate the billions in profits Facebook earns from its efficient ads business. But they could ensure the social network isn’t locked out of the next waves of computing. Whether those are fully immersive like virtual reality, convenient complements to our phones like smart displays, or minimally-invasive sensors, Facebook wants them to be social. If it can bring your friends along to your new gadgets, Facebook will find some way to squeeze out revenue while keeing these devices from making us more isolated and less human.
First it was SolarWinds, a reportedly Russian hacking campaign that stretches back almost a year and has felled at least nine US government agencies and countless private companies. Now it’s Hafnium, a Chinese group that’s been attacking a vulnerability in Microsoft Exchange Server to sneak into victims’ email inboxes and beyond. The collective toll of these espionage sprees is still being uncovered. It may never be fully known.
Countries spy on each other, everywhere, all the time. They always have. But the extent and sophistication of Russia’s and China’s latest efforts still manage to shock. And the near-term fallout of both underscores just how tricky it can be to take the full measure of a campaign even after you’ve sniffed it out.
By now you’re probably familiar with the basics of the SolarWinds attack: Likely Russian hackers broke into the IT management firm’s networks and altered versions of its Orion network monitoring tool, exposing as many as 18,000 organizations. The actual number of SolarWinds victims is assumed to be much smaller, although security analysts have pegged itin at least the low hundreds so far. And as SolarWinds CEO Sudhakar Ramakrishna has eagerly pointed out to anyone who will listen, his was not the only software supply chain company that the Russians hacked in this campaign, implying a much broader ecosystem of victims than anyone has yet accounted for.
“It’s become clear that there’s much more to learn about this incident, its causes, its scope, its scale, and where we go from here,” said Senate Intelligence Committee chair Mark Warner (D-Virginia) at a hearing related to the SolarWinds hack last week. Brandon Wales, acting director of the US Cybersecurity and Infrastructure Agency, estimated in an interview with MIT Technology Review this week that it could take up to 18 months for US government systems alone to recover from the hacking spree, to say nothing of the private sector.
That lack of clarity goes double for the Chinese hacking campaign that Microsoft disclosed Tuesday. First spotted by security firm Volexity, a nation-state group that Microsoft calls Hafnium has been using multiple zero-day exploits—which attack previously unknown vulnerabilities in software—to break into Exchange Servers, which manage email clients including Outlook. There, they could surreptitiously read through the email accounts of high-value targets.
“You wouldn’t fault anyone for missing this,” says Veloxity founder Steven Adair, who says the activity they observed began on January 6 of this year. “They’re very targeted, and they’re not doing much to raise alarm bells.”
This past weekend, though, Veloxity observed a marked shift in behavior, as hackers began using their Exchange Server foothold to aggressively burrow deeper into victim networks. “It was really serious before; someone having unrestricted access to your email at will is in a sense a worst-case scenario,” says Adair. “Them being able to also breach your network and write files steps it up a notch in terms of what someone can get to and how hard the cleanup can be.”
Neither SolarWinds nor the Hafnium attacks have stopped, meaning the very concept of cleanup, at least broadly, remains a distant dream. It’s like trying to mop up an actively gushing oil tanker. “It is apparent that these attacks are still ongoing, and the threat actors are actively scanning the Internet in a ‘spray-and-pray’ type fashion, targeting whatever looks to be vulnerable,” says John Hammond, senior security researcher at threat detection firm Huntress, about the Hafnium campaign.
Microsoft has released patches that will protect anyone using Exchange Server from the assault. But it’s only a matter of time before other hackers reverse engineer the fix to figure out how to exploit the vulnerabilities themselves; you can expect ransomware and cryptojacking groups to get in on the action posthaste.
“It could become a complete free for all,” says Adair. “I would guess it could be trivial for someone to figure out components of this now that the patch is out.”
The patch will protect anyone who installs it, but if past is prologue, that list will be far from comprehensive. Microsoft pushed a patch for the EternalBlue vulnerability in March 2017; two months later the WannaCry virus used the leaked NSA tool to rip through the Internet. A full two years after that, over a million devices were still vulnerable globally. Which means that Hafnium and the criminal groups it inspires have a very long belt they can add notches to.
At the same time, none of this activity should be surprising. “There is definitely always a background level of state-sponsored espionage that is occurring through cyberspace,” says J. Michael Daniel, who previously served as cybersecurity coordinator in the Obama administration and is currently the president and CEO of the nonprofit Cyber Threat Alliance. The SolarWinds and Hafnium hackers just happened to get caught. And while the US has been increasingly willing to indict nation-state hackers—including from Russia and China—they typically do so for intellectual property theft or other flagrant violations of international norms. Spying? Not so much. That also makes deterrence a little trickier; in the Cold War you could just kick spies out of your country, an option that’s not available when they’re sitting behind a keyboard thousands of miles away.
Which means you can expect the threads of SolarWinds and Hafnium to keep unspooling, probably for years, without ever reaching the end.
“Will we find out more as time goes on that there was another supply chain compromise from SolarWinds, or more agencies? Maybe, maybe not,” says Volexity’s Adair. “They could have devastated a ton more and you never find out about it, either because the victims never know or they know but it doesn’t become public.” The same, he says, is true for Hafnium. “I don’t know that we’ll keep hearing about it forever, but the impact will be long-lasting,” Adair says. “It already is long-lasting, just based on what they’ve done so far.”
Bit flips are events that cause individual bits stored in an electronic device to flip, turning a 0 to a 1 or vice versa. Cosmic radiation and fluctuations in power or temperature are the most common naturally occurring causes. Research from 2010 estimated that a computer with 4GB of commodity RAM has a 96 percent chance of experiencing a bit flip within three days.
An independent researcher recently demonstrated how bitflips can come back to bite Windows users when their PCs reach out to Microsoft’s windows.com domain. Windows devices do this regularly to do things like making sure the time shown in the computer clock is accurate, connecting to Microsoft’s cloud-based services, and recovering from crashes.
Remy, as the researcher asked to be referred to, mapped the 32 valid domain names that were one bitflip away from windows.com. He provided the following to help readers understand how these flips can cause the domain to change to whndows.com:
Of the 32 bit-flipped values that were valid domain names, Remy found that 14 of them were still available for purchase. This was surprising because normally, Microsoft and other companies buy these types of one-off domains to protect customers against phishing attacks. He bought them for $126 and set out to see what would happen. The domains were:
No inherent verification
Over the course of two weeks, Remy’s server received 199,180 connections from 626 unique IP addresses that were trying to contact ntp.windows.com. By default, Windows machines will connect to this domain once per week to check that the time shown in the device clock is correct. What the researcher found next was even more surprising.
“The NTP client for windows OS has no inherent verification of authenticity, so there is nothing stopping a malicious person from telling all these computers that it’s after 03:14:07 on Tuesday, 19 January 2038 and wreaking unknown havoc as the memory storing the signed 32-bit integer for time overflows,” he wrote in a post summarizing his findings. “As it turns out though, for ~30% of these computers doing that would make little to no difference at all to those users because their clock is already broken.”
The researcher observed machines trying to make connections to other windows.com subdomains, including sg2p.w.s.windows.com, client.wns.windows.com, skydrive.wns.windows.com, windows.com/stopcode, and windows.com/?fbclid.
Remy said that not all of the domain mismatches were the result of bitflips. In some cases they were caused by typos by people behind the keyboard, and in at least one case the keyboard was on an Android device, as it attempted to diagnose a blue-screen-of-death crash that had occurred on a Windows machine.
To capture the traffic devices sent to the mismatched domains, Remy rented a virtual private server and created wildcard domain lookup entries to point to them. The wildcard records allow traffic destined for different subdomains of the same domain—say, ntp.whndows.com, abs.xyz.whndows.com, or client.wns.whndows.com—to map to the same IP address.
“Due to the nature of this research dealing with bits being flipped, this allows me to capture any DNS lookup for a subdomain of windows.com where multiple bits have flipped.”
Remy said he’s willing to transfer the 14 domains to a “verifiably responsible party” and in the meantime will simply sinkhole them, meaning he will hold onto the addresses and configure the DNS records so they are unreachable.
“Hopefully this spawns more research”
I asked Microsoft representatives if they’re aware of the findings and the offer to transfer the domains. The representatives are working on getting a response. Readers should remember, though, that the threats the research identifies aren’t limited to Windows.
In a 2019 presentation at the Kaspersky Security Analysts Summit, for instance, researchers from security firm Bishop Fox obtained some eye-opening results after registering hundreds of bitflipped variations of skype.com, symantec.com, and other widely visited sites.
Remy said the findings are important because they suggest that bitflip-induced domain mismatches occur at a scale that’s higher than many people realized.
“Prior research primarily dealt with HTTP/HTTPS, but my research shows that even with a small handful of bitsquatted domains you can still siphon up ill-destined traffic from other default network protocols that are constantly running, such as NTP,” Remy said in a direct message. “Hopefully this spawns more research into this area as it relates to the threat model of default OS services.”
SpaceX says it is building a factory in Austin, Texas, to design systems that will help make satellite dishes, Wi-Fi routers, and other equipment for its Starlink satellite broadband network. The news comes from a job posting for an automation and controls engineer position flagged in a story Tuesday by local news channel KXAN.
“To keep up with global demand, SpaceX is breaking ground on a new, state of the art manufacturing facility in Austin, TX,” the job posting said. “The Automation & Controls Engineer will play a key role as we strive to manufacture millions of consumer facing devices that we ship directly to customers (Starlink dishes, Wi-Fi routers, mounting hardware, etc).”
The factory apparently won’t make the dishes and routers on site but will instead design systems that improve the manufacturing process. “Specifically, they will design and develop control systems and software for production line machinery—ultimately tackling the toughest mechanical, software, and electrical challenges that come with high-volume manufacturing, all while maintaining a focus on flexibility, reliability, maintainability, and ease of use,” the job posting said.
Starlink is in beta and is serving over 10,000 customers, and it has asked the Federal Communications Commission for permission to deploy up to 5 million user terminals in the US. SpaceX calls this piece of hardware “Dishy McFlatface,” and it receives transmissions from SpaceX’s low-Earth orbit satellites. See our article about a Dishy McFlatface teardown for more details on the hardware’s inner portions, and this article for more pictures of the dish in its fully intact state.
Starlink has been charging $99 per month plus a one-time fee of $499 for the user terminal, mounting tripod, and router. Starlink recently began taking preorders for service that would become available in the second half of 2021.
Shipping to 25 countries this year
The new job posting said the successful applicant will work in Austin but spend up to 25 percent of the time at SpaceX headquarters in Los Angeles “until [the] Austin facility is fully established.” The new engineer will make an impact on Starlink’s ability to ship hardware this year. The person will “set, implement, and maintain schedules and budgets to ensure project completion as we strive to ship to 25+ countries by the end of the year,” the job posting said.
The engineer will be expected to “design, develop, and manage automation and controls projects to manufacture consumer electronics that are easy for humans around the world to use, but are technically very sophisticated—this includes initial factory ideation, on-line commissioning and proof of rate capability, and eventual hand-off to operational teams.” The engineer will also “spearhead facility bring up and initial equipment conceptual development by carefully balancing product specifications, process requirements, layout complexity, cost, and lead-time limits,” the job posting said.
We asked SpaceX for more detail on plans for the Austin facility and when it will open, and on where exactly the dishes and routers will be manufactured. We’ll update this article if we get an answer.
The new SpaceX factory would be near Tesla’s planned car factory in Austin. SpaceX founder and CEO Elon Musk is also the CEO of Tesla.