How video games are reshaping tech, culture, politics and the way we interact with each other.

Gaming

How companies like Amazon, Google and Facebook are shaping our world.

Big Tech

How false information is seeping into our daily interactions.

Misinformation

What to know about the next generation network that will revolutionize the way we live and work.

All about the treasure trove of data collected at every turn.

Data privacy

Who's watching you and what they're seeing.

Surveillance

The latest developments in the robot revolution.

Automation and AI

From the Valley to D.C., Big Tech players like Facebook, Google and Amazon are under more scrutiny than ever as new technology develops and privacy and antitrust concerns grow in lockstep with companies’ ambitions.

Technology

National

Codebook

Axios Codebook

A simple error where Okta users are incorrectly typing their passwords into the username field during login could be leaving them exposed to future attacks.

Driving the news: Researchers at cloud security firm Mitiga found in a report Thursday that identity management company Okta records the information shared during failed login attempts in easily accessible plain text.

Okta provides password management and employee access tools across corporate networks for more than 14,000 global customers. Researchers found that the design of Okta's login screen is confusing, making it likely some users will type their password into the username field.

The information in those failed login attempts is then stored in audit logs that track user behavior on a network and could be shared with Okta customers' third-party security vendors.

"This knowledge can then allow adversaries to compromise Okta user accounts and access any resources or applications that they may have access to, effectively expanding the blast radius of the attack," the report said.

Why it matters: Passwords are already a huge target for malicious hackers looking to gain access to sensitive online data.

Identity management tools like Okta are often seen as a line of defense to make obtaining those passwords more difficult.

Yes, but: It would take someone gaining access to internal activity logs and combing through them to find passwords entered in the username field for this flaw to lead to an attack.

The other side: Okta told Mitiga that saving passwords in plain text is "expected behavior when users mistakenly enter their password in the username field," according to the report.

"These logs are only accessible to Okta administrators, who are the most privileged users in Okta and should be trusted not to engage in malicious activities," the company added.

Sign up for Axios’ cybersecurity newsletter Codebook here

Human error is threatening Okta passwords, researchers warn

The login attempts include users who type their passwords in the "username" field by mistake.

Illustration of an opened briefcase revealing glowing asterisks inside

Cybersecurity

Researchers at French cybersecurity firm Synacktiv are walking away with $350,000 and a new Tesla after hacking into a Tesla Model 3's energy management and infotainment system during a hackathon this week.

Driving the news: During this week's Pwn2Own hacking competition in Vancouver, Canada, hosted by Trend Micro's Zero Day Initiative, security teams have broken into Teslas, Microsoft's Windows 11 and Apple's macOS.

The big picture: The Zero Day Initiative works with vendors like Tesla to create a series of hacking challenges for participants to try to overcome.

The challenges vary in difficulty: For the Tesla challenge, the easiest task involved exploiting the car's Bluetooth/Wi-Fi systems and the hardest would have resulted in a takeover of the Tesla's autopilot feature.

Details: Synacktiv's research team was able to exploit two vulnerabilities in the Tesla Model 3 — one in the Gateway energy management system and the other in the infotainment center — to gain just enough access to the car's controls that driving would be unsafe.

In the campaign targeting the Gateway, Synacktiv's team was able to open the front of the car, as well as the doors, while the vehicle was in motion.

To target the infotainment center, the team exploited a flaw in the Bluetooth chip set to gain what's known as "root access," which typically means intruders have the ability to download apps and other device-specific controls.

The competition wasn't conducted on the actual vehicle itself over fears that it could impact other nearby Teslas or result in hackers being able to move the vehicle through the conference center, Dustin Childs, head of threat awareness at the Zero Day Initiative, told Axios.

The intrigue: Tesla, which is a sponsor of the Pwn2Own competition, was on-site to learn about the security flaws hackers found so they could start working on patches.

What's next: Tesla is expected to issue a patch to fix the bug hackers found within the next three months, although Childs said the automaker has historically released patches from previous Pwn2Own competitions earlier than that.

Sign up for Axios’ cybersecurity newsletter Codebook here

Researchers break into Tesla Model 3 at hackathon

The hacks happened at Pwn2Own's hackathon in Vancouver in March.

Illustration of a Tesla steering wheel covered in caution tape

TikTok's biggest problem isn't its data security programs, it's the race between the U.S. and China to become the world's dominant cyber superpower.

Driving the news: TikTok CEO Shou Zi Chew's testimony before the House Energy and Commerce Committee Thursday did little to sway lawmakers who argue that the Chinese government could harness millions of Americans' TikTok data.

But lawmakers also struggled to articulate their main concern behind targeting TikTok: China’s espionage capabilities have become sophisticated and harder to detect in recent years.

The big picture: Chilling relations between the U.S. government and Beijing have only made lawmakers more wary of the capabilities China-backed hacking teams are brewing — and what classified U.S. data they're collecting.

The 2014 hacks of the Office of Personnel Management, which several firms linked to China, opened up the U.S. cyber community's eyes, Bryan Cunningham, former adviser to the White House National Security Council, told Axios.

Since then, China state-sponsored hackers have launched hundreds of wide-scale espionage campaigns in the U.S. to collect corporate secrets, sensitive communications and much more.

The Chinese military under President Xi Jinping has also prioritized online influence campaigns that spread pro-China narratives, Kenton Thibaut, a resident China fellow at the Atlantic Council, told Axios.

"In the past few years, China saw this real need to respond to what it saw as Western attacks on it, so it wanted to gain control of the narrative," she said.

Between the lines: TikTok's quick rise in the U.S. and its murky connections to its China-based parent company, ByteDance, have made it the perfect symbol for the ongoing cyber detente between the two countries.

"Unfortunately for TikTok, they're the 'Chinese spy balloon' of March," Cunningham said.

A senior Defense Department official told reporters Thursday that TikTok's vast scale is what makes it a concern compared to other China-linked apps operating in the U.S.

The intrigue: All countries conduct espionage campaigns against one another.

However, the intelligence community's annual worldwide threats report named China "the broadest, most active and persistent cyber espionage threat" to the U.S. government and private sector.

China-sponsored espionage campaigns have also started attacking internet-facing security tools to evade most cyber monitoring programs, making them harder to detect, researchers at Google-owned Mandiant warned last week.

The senior defense official also said that the Chinese government already "dwarfs everybody" in the sheer number and quality of people they have dedicated to hacking and espionage efforts.

Zoom out: China has started to embrace its role as a global superpower by acting as a mediator in conflicts involving its own allies, the Wall Street Journal reported this week.

Earlier this week, Xi met with Russian President Vladimir Putin for the first time since last year's invasion of Ukraine. Last week, China brokered another diplomatic deal between Saudi Arabia and Iran.

China, Russia and Iran also held a joint military drill last week, underscoring China's growing influence in the Middle East.

Yes, but: Hyperfocusing on a TikTok ban is an imperfect solution that's likely to get stuck in the courts and spur First Amendment concerns.

Many of the data collection and surveillance concerns lawmakers have with TikTok aren't unique to the China-linked social media platform: Meta, Twitter and YouTube have all come under fire for similar issues, and often share user data with U.S. law enforcement.

How China-linked espionage is hindering TikTok's U.S. future

Chilling relations between the U.S. government and Beijing have only made lawmakers more wary.

Illustration of the Chinese flag with the stars rendered in TikTok's logo style.

Pro Rata

Axios Pro Rata

Media Trends

Axios Media Trends

TikTok's future in the U.S. is most likely to be determined by the courts, rather than by politicians, executives or influencers.

Driving the news: Congress gave the social media company no quarter yesterday, in a four-hour hearing that mostly vacillated between moral panic and red scare.

CEO Shou Zi Chew seemed unable to persuade anyone that Project Texas, the Oracle-enabled data ringfencing effort, would solve U.S. data security concerns. 

He also bricked a couple of layups, and hewed to congeniality in the face of being called a liar and told that there wasn't remaining time for responses to questions.

What comes next: The upshot was bipartisan agreement that TikTok must be bought or banned. So let's play that out...

Parent company ByteDance is 60% owned by outside investors, including many U.S.-based venture capital firms. Its Chinese co-founders own another 20%, while the remainder is employee equity.

At TikTok's estimated value of up to $50 billion, a buyer would need just $10 billion to buy out the founders (who have voting control). That allows for a decent-sized universe of strategic suitors, including Oracle. 

But there may still be political objections to any shareholding by Chinese residents, including TikTok employees. Sure, it's absurd and ignores how other U.S. tech companies have employees in China. But we're talking about Congress, so that's table stakes. You'd likely need a bit more cash, and an IPO becomes less likely.

It's also worth noting that TikTok U.S. is just one piece of ByteDance, and currently an unprofitable one at that. ByteDance's founders might be willing to roll the dice, comforted by earnings from the rest of their empire.

This is where it gets really tricky. Imagine that Oracle makes a takeover offer so rich that ByteDance's founders can't refuse. Maybe it even throws in some of Larry Ellison's magic immortality beans.

The Chinese government could simply say no, perhaps using a 2020 law designed to protect intellectual property. Perhaps Beijing really does want all that user data, or just doesn't want to publicly capitulate to Washington. The reason is less important than the ruling. 

Some House members yesterday argued that China's ability to block a merger is evidence that ByteDance is controlled by the CCP, but it's really just evidence that a country can act in its perceived national interest to block divestitures (the U.S. government has similar abilities, albeit with much more of an adversarial legal process).

So now TikTok is in a position where the U.S. government insists it be sold or banned, but China won't allow it. 

Its only option, short of shutting down or praying for the political storm to pass, is to fight the ban demand in court.

And there is some precedent here. Back when former President Trump tried to ban TikTok, the company sued and won. 

President Biden may have a stronger case this time, and one backstopped by a new law Congress is on the verge of passing, but the final venue remains the same.

The bottom line: TikTok isn't going away any time soon, nor is it likely to have a new owner. But a lot of lawyers will be kept very busy. 

TikTok's fate may be decided by the courts

TikTok isn't going away any time soon, nor is it likely to have a new owner. But lawyers will be kept busy.

Illustration of the US Capitol dome piercing a smart phone. The Capitol has pink and blue strokes in the colors and style of Tik Tok's logo.

TikTok

China

After a record economic expansion, the coronavirus pandemic sent the U.S. economy into a recession as unemployment soared to staggering heights. The country now faces urgent questions about how much stimulus is needed for reeling consumers and businesses, and what a recovery might look like.

Economy & Business

President Biden has made the COVID-19 crisis and a post-Trump return to national unity and traditional democratic ideals his top priorities. From vaccinations to stimulus to schools, Biden is seeking bipartisan compromise while showing a willingness to use executive authority and bare Democratic majorities in the U.S. House and Senate to implement his policies. Republican leaders are navigating deep party divisions over if and how to move beyond former President Trump.

Politics & Policy

China is becoming the most formidable rival America has faced, and the risk of confrontation with Russia, North Korea or Iran still looms. Authoritarians are rising, the chaotic Afghanistan exit revealed the limits of U.S. power, and the pandemic, climate change and other critical challenges continue to pose grave threats.

World

When it comes to 3D-printed food, there is a best-practice "recipe" that overcomes some major manufacturing hurdles of this emerging sector, according to a new study. 

Why it matters: The latest U.N. climate change report identifies the role of climate warming in exposing millions of people worldwide to acute food insecurity. Some are looking to untapped solutions. 

How it works: 3D-printed food is made through an additive manufacturing process similar to standard 3D printing — except it's done using edible materials.

Across Europe, several restaurants and butchers are offering 3D-printed "meat" cuts, made from ingredients such as soy protein and chickpeas, manufactured by the startup Redefine Meat.

In the U.S., an LA-based digital bakery 3D-prints candy and a Columbia University lab just revealed a seven-ingredient 3D slice of cheesecake.

The big picture: Food is "becoming less available due to environmental challenges that we face today," says Ezgi Pulatsu, a postdoctoral fellow at the University of Ottawa who researches food engineering and manufacturing.

She sees 3D-printed food as potentially helping to solve problems in global food production that drive food insecurity. 

It also "will make the food system more efficient" and generate less waste, Pulatsu says.

Yes, but: There are a host of issues with practical application, both at the industrial level and for home use, in part from a lack of scientific research in the emerging technology.

Zoom out: Pulatsu co-authored a peer-reviewed study published Tuesday in the journal Physics of Fluids that seeks to fill in the gaps in information.

Optimizing processes that influence the quality and complexity of 3D-printed food can offer better results, control and speed, according to the study authors.

They identified extrusion-based 3D printing — wherein food paste is forced out of a syringe nozzle by direct or indirect pressure — as the "most applicable technique" for conventionally 3D-printing food. 

A 3D printer in the labs of Redefine Meat prints a variation of animal-free meat muscle formulation with color. Photo: Corinna Kern/Bloomberg/Getty Images

What they're saying: 3D-printed food could be used to supply essential nutrients to those without access to fresh, whole foods because of a lack of affordability and availability, says Jonathan Blutinger, a postdoctoral researcher at Columbia University, who co-authored another paper on 3D cooking released this week.

"It mitigates the need to bring in food from other places, so it allows you to work more with your local ingredients," says Blutinger, who works as an engineering consultant at Redefine Meat. "You're able to get more out of your food because you can print just what you need."

Of note: There are ethical and cultural considerations to exploring 3D-printed food as a solution to food insecurity.

One example: Making synthetic steak from muscle stem cells from a cow embryo — which raises issues such as nutritional risks.

Between the lines: The likely timeline for mass adoption of 3D food printing is at least several years away, according to Blutinger. 

The price tag for an at-home 3D food printer is steep, and on a larger scale materials such as ingredients are hard to come by. 

The intrigue: The Department of Defense’s Combat Feeding Directorate is exploring 3D-printing food by developing 3D-printed meal bars that enhance performance and address soldiers' nutritional needs, per C&EN.

Plus, in a project funded by the Department of Defense's DARPA, a startup is working on creating food out of plastic using 3D-printing techniques — with a goal of aiding in disaster relief operations.

The other side: Investment in these kind of solutions, however, risks neglecting basic unmet needs in disaster recovery, says Joe Gilliom, founder of Unity in Disasters, which provides food and supplies to overlooked communities after a disaster.

"For us to start with manufacturing food, without even providing the basic milk, cheese, bread, wheat and fruits? I think we're making a leap, and that leap will probably be viewed as being ignored." 

A new dimension for food security

3D-printed food could serve as a possible untapped solution to the global food crisis.

Illustration of a piece of cooked steak with a cursor on a computer dialogue box selecting "print"

Food security

Ominous forecasts about the impact of climate change serve as the backdrop for the world — led by U.S. lawmakers and companies — to debate big action on the problem, which could upend energy systems and our way of life.

Energy & Environment

Utah became on Thursday the first state to enact legislation that restricts children and teens from using social media without their parents' consent.

Driving the news: Gov. Spencer Cox (R) signed two bills into law aimed at limiting when and where anyone younger than 18 years old can interact online, and to stop companies from luring minors to certain websites.

Details: Under the law that's due to take effect on March 1, 2024, social media companies will have to instate a curfew for minors in the state, barring them from using their accounts from 10:30pm to 6:30am.

It also requires companies to give a parent or guardian access to their child’s accounts.

Of note: Adults will also have to confirm their ages to use social media platforms or they'll lose account access.

Between the lines: The proposed legislation comes as experts and policymakers nationwide are warning about the mental health consequences social media may have on young users, Axios' Kim Bojórquez and Erin Alberty report.

What they're saying: "Youth rates of depression and other mental health issues are on the rise because of social media companies," Cox said in a tweet Thursday. "As leaders, and parents, we have a responsibility to protect our young people."

Cox has said previously he expects a lawsuit challenging the legislation to be filed.

What we're watching: Ari Cohn, a free speech lawyer for TechFreedom said last week that the then-bills "violate the First Amendment and threaten to fragment the Internet."

He argued that the governor shouldn't sign bills that force social media users to provide ID showing their age and, for minors, parental consent.

A lawsuit over the rules could be costly to Utah taxpayers.

Zoom out: Other states including Arkansas, Texas, Ohio and Louisiana have similar bills impending, AP reports.

Editor's note: This article has been updated with additional details throughout.

Salt Lake City

Salt Lake City Members

Salt Lake City Alerts

Get smarter, faster on the most consequential news unfolding in Salt Lake City

Axios Salt Lake City Thought Bubble

Axios Salt Lake City

Utah becomes first state to sign law limiting kids' social media use

Adults who don't verify their ages would also lose access to their social media accounts from next year, under the legislation.

A looks at a smartphone screen on March 16 in England. Photo: Matt Cardy/Getty Images

Utah

TikTok's time in the barrel

"If this committee gets its way, TikTok's time is up."

TikTok CEO Shou Zi Chew arrives to testify before the House Energy and Commerce Committee. Photo: Tasos Katopodis/Getty Images

The U.S., Canada, and a number of European governments in recent months have stepped up efforts to impose restrictions on TikTok, ratcheting up pressure on the Chinese-owned app even as U.S.-China relations have grown increasingly strained.

The latest: TikTok's CEO Shou Zi Chew defended the company from charges that it poses a national security threat, testifying on March 23 for the first time in front of U.S. lawmakers who advocated for banning the app.

Chew downplayed the app's connections to China and referenced TikTok's "unprecedented" data security practices compared to unnamed social media competitors during a House committee hearing. 

TikTok is owned by the private Chinese company, ByteDance, and much of the scrutiny around it stems from the firm's relationship with the Chinese government.

The big picture: Critics have voiced concern that TikTok could put the data of 150 million U.S. users at risk because Chinese law requires China's companies to share information with the government, Axios Scott Rosenberg and Sara Fischer write.

TikTok has said it operates independently and protects U.S. data through an alliance with Oracle, which firewalls the data from overseas access.

Concerns about the company have also included the firm's previous violations of children's privacy.

A number of recent revelations have challenged TikTok's claims that U.S. user data is secure because it is stored outside of China and that the company does not comply with Chinese government content moderation requirements.

FBI Director Chris Wray warned in December that the Chinese government controls the app's recommendation algorithm, allowing it to potentially manipulate the content or instigate operations to influence users, and that the Chinese government maintains the ability to collect user data.

Already, bans on using the app in government have taken effect at the state level. More than half of U.S. states have banned state employees from using TikTok on government-issued devices and a number of U.S. universities have barred it from their WiFi networks.

Worth noting: TikTok doesn't operate inside China. ByteDance instead offers a similar version of the app, called Douyin, to Chinese customers.

There are currently at least three bills making their way through Congress that, if made law, would curtail the app. 

The DATA Act, which mentions TikTok by name, would give President Biden more authority to ban the app. The House Foreign Affairs Committee has advanced the legislation. The Deterring America’s Technological Adversaries Act (DATA Act), advanced by the House Foreign Affairs Committee, was introduced in February by committee chair Michael McCaul (R-Texas).

The ANTI-SOCIAL CCP Act, backed by lawmakers including Sen. Marco Rubio (R-Fl.) and Rep. Mike Gallagher (R-Wisc.), would allow TikTok to be banned from operating in the U.S. It would also allow the blocking and prohibiting of all transactions from any social media company in China and Russia. It has not yet received a vote from a congressional committee, per the New York Times.

The RESTRICT Act would give the Department of Commerce more power to review, prevent and mitigate information communications and technology transactions that pose "undue" risk. Introduced by Sen. Mark Warner (D-Va.), the chair of the Senate Intelligence Committee, and Senate Minority Whip John Thune (R-S.D.), the bill gives the government greater power to regulate and sanction China-affiliated companies such as TikTok. It doesn't involve a total ban or mention TikTok specifically, but it would give Biden greater power and the White House is supporting this bill.

What legal challenges might preclude a total ban?

The American Civil Liberties Union (ACLU) sent a letter to the House Foreign Affairs Committee in late February urging members to vote against the DATA Act, saying it would effectively ban TikTok in the U.S.

Calling the legislation "vague and overbroad," the letter argued that it would violate Americans' First Amendment rights by infringing on the rights to freedom of expression and association.

"Whether we’re discussing the news of the day, live streaming protests, or ​​even watching cat videos, we have a right to use TikTok and other platforms to exchange our thoughts, ideas, and opinions with people around the country and around the world,” Jenna Leventoff, senior policy counsel at ACLU, said in a press release.

Where is TikTok currently banned globally?

More than a dozen countries around the world have introduced full, partial or public sector bans on TikTok amid heightened national security concerns.

India banned TikTok in 2020 over privacy and security concerns.

In December, Taiwan imposed a public sector ban on the use of Chinese-made software on government devices, which would include TikTok, per AP.

The European Commission, EU Council and Parliament all announced last month that they would prohibit staff from having TikTok on their work devices.

Canada also banned the app from government-issued mobile devices last month.

In Afghanistan, the Taliban ordered a ban on TikTok and the game PUBG last year, claiming it was necessary to keep youth from “being misled."

The political realities that make a national TikTok ban tricky

More than 20 U.S. states have banned state employees from using TikTok on government-issued devices and a number of U.S. universities have barred it from their WiFi networks.