United States

US Calls Broadcom's Bid For Qualcomm a National Security Risk (nytimes.com) 91

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The United States government said Broadcom's proposed acquisition of rival chipmaker Qualcomm could pose a national security risk and called for a full investigation into the hostile bid. The move complicates an already contentious deal and increases the likelihood that Broadcom, which is based in Singapore, will end its pursuit of Qualcomm. Such an investigation is often a death knell for a corporate acquisition. A government panel, the Committee on Foreign Investment in the United States, or Cfius, noted, in part, that the potential risk was related to Broadcom's relationships with foreign entities, according to a letter from a United States Treasury official. It also said that the deal could weaken "Qualcomm's technological leadership," giving an edge to Chinese companies like Huawei. "China would likely compete robustly to fill any void left by Qualcomm as a result of this hostile takeover," the official said in the letter. The letter and the public call for an investigation reflects a newly aggressive stance by Cfius. In most cases, the panel operates in secret and weighs in after a deal is announced. In this instance, Cfius, which is made up of representatives from multiple federal agencies, is taking a proactive role and investigating before an acquisition agreement has even been signed.

One Single Malicious Vehicle Can Block 'Smart' Street Intersections In the US (bleepingcomputer.com) 98

An anonymous reader shares a BleepingComputer report: Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections. The team's research focused on Connected Vehicle (CV) technology, which is currently being included in all cars manufactured across the globe. More precisely, it targets V2I (vehicle-to-infrastructure) protocols, and more precisely the I-SIG system implemented in the US.

The Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. According to simulated traffic models, the Michigan team says that around a fifth of all cars that entered a test intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. Researchers don't believe this bug could be exploited for actual gains in the real world, but the bugs' existence shows the protocol is poorly coded, even four years after first being proved unsecured.

Slashdot Top Deals