Pixel Envy

Written by Nick Heer.

Russell Brandom Is Contradictory and He Should Feel Bad or Maybe Good Probably

The Verge’s Russell Brandom thought the New York Times was rather harsh on smartwatches:

Could your smartwatch be GIVING YOU CANCER? That’s the claim made by a new article in The New York Times by Nick Bilton, originally titled “Could wearable computers be as harmful as cigarettes?” Editors have already changed the headline to the more anodyne “The health concerns in wearable tech” in the face of substantial criticism, but the problems with the piece go much deeper than a bad headline.


Bilton quotes a single qualified physician before moving on to an osteopathic physician named Dr. Joseph Mercola who “focuses on alternative medicine.” Mercola has been outspoken on the link between cell phones and cancer, occasionally as a guest on the Dr. Oz show, and has a lucrative side business selling homeopathic products on his website, Mercola.com. He has been the subject of four separate letters from the FDA for mislabeling products or promising health benefits that are not supported by the medical literature. The fact that he’s being quoted as a health expert by The New York Times is astounding, as some have already noted.

Brandom thought Bilton’s article was so bad that he titled his debunking article “The New York Times’ smartwatch cancer article is bad, and they should feel bad”, and subtitled it “Cram it, Bilton”. Cute.

But what if the Verge were able to gin up page views with its own hyperbolic and poorly reported story? And what if Russell Brandom were the author of said story? How would that look? Well, how about a similarly snappy headline for starters?

The new MacBook’s single port comes with a major security risk

Perfect. Brandom, or his editor, was able to tie a potential security risk in USB ports to Apple’s hot new product. That’s a guaranteed win for page views.

So, Russell, tell me more about this security risk:

But while the new port is powerful, it also comes with serious security problems. For all its versatility, Type-C is still based on the USB standard, which makes it vulnerable to a nasty firmware attack, and researchers are also concerned about other attacks that piggyback on the plug’s direct memory access. None of these vulnerabilities are new, but bundling them together with the power cord in a single universal plug makes them scarier and harder to avoid. On a standard machine, users worried about USB attacks could simply tape over their ports, but power is the one plug you have to use. Turning that plug into an attack vector could have serious security consequences.

The biggest concern is the BadUSB vulnerability, first published last year. The attack lives in the firmware of a USB device and infects computers during the earliest stages of the connection, long before users get a chance to see what’s on the device or decide whether to open it up.

Judging by its permalink, that link goes to an article, also by Brandom, that was originally titled “This published hack could be the beginning of the end for USB”, but which has since been retitled with the tamer “USB has a huge security problem that could take years to fix”.

Now what if the “MacBook” article was found to be wildly inaccurate?

These articles are pure clickbait. The main exploit in question, called BadUSB, was discovered 8 months ago. In theory, it could be used to attack most USB devices, including Macs, iPads, Windows PCs, and more. But making it seem like the new 12-inch MacBook, and to a lesser degree, the new Chromebook Pixel, has some sort of new vulnerability because of using USB-C is disingenuous at best.


Gizmodo seems to believe the 12-inch MacBook is vulnerable to this direct attack, even going so far as to suggest that the NSA will distribute hacked USB-C power adapters designed to take over your notebook. But unlike Thunderstrike on vulnerable Macs (see “Thunderstrike Proof-of-Concept Attack Serious, but Limited,” 9 January 2015), the USB port uses Intel’s xHCI (eXtensible Host Controller Interface), which can’t be placed into a DFU (device firmware upgrade) mode to overwrite the MacBook’s firmware. Thus the MacBook itself can’t be infected with BadUSB, so plugging in an unknown power adapter can’t give someone control of your MacBook.

If I were an asshole, I’d use Brandom’s “cram it” subtitle against him, but I’m not, so I won’t. I will, however, point out that staffers at the Verge seem to have internalized clickbait. They’re pretty good at writing it themselves, and pretty good at calling it out. But which side they’ll take seems to depend on the kind of page views they can expect.

Update: The difference between the Times and the Verge is that when the former screws up, they usually admit it.