United States law enforcement this week took down the Aisuru, Kimwolf, JackSkid, and Mossad botnets, a slate of cybercriminal tools that have infected more than 3 million devices around the world, including many inside home networks, and have been used to carry out record-breaking cyberattacks. Meanwhile, hundreds of millions of iPhones are currently vulnerable to takeover by a new tool called DarkSword that Russian hackers used to steal victims' data.
Customer service calls and chats with the Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation, revealing personal details from calls and chats, including, in some cases, hours of extra audio seemingly recorded after customers thought a call had ended. And WIRED reviewed dozens of Telegram channels containing job listings for "AI face models." The people who land the jobs are mostly women and are likely being used as the face of AI scams to steal victims' money.
Meta recently announced that it will eliminate end-to-end encryption protections for Instagram Direct Messages on May 8, citing low adoption of the feature. The company had long promised the protection as a default for Instagram chat, and experts fear that the bait and switch could set a dangerous precedent in the tech industry. In other Meta encryption news, though, Signal creator Moxie Marlinspike announced this week that he will collaborate with the tech giant to integrate his encrypted AI platform Confer into Meta AI in some form.
And there's more. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Imagine trying to explain this one to your boss: You can't get to work because your court-mandated breathalyzer won't let you start the vehicle, not because you've been drinking, you swear, but because that alcohol-vapor-detecting device has been disabled by a cyberattack on the company that makes it.
Intoxalock, an automotive breathalyzer maker that says it's used daily by 150,000 drivers across the US, this week reported that it had been the target of a cyberattack, resulting in its "systems currently experiencing downtime," according to an announcement posted to its website. Meanwhile, drivers that use the breathalyzers have reported being stranded due to the devices' inability to connect to the company's services. "Our vehicles are giant paperweights right now through no fault of ours," one wrote on Reddit. "I'm being held accountable at work and feel completely helpless."
The lockouts appear to be the result of Intoxalock's breathalyzers needing periodic calibrations that require a connection to the company's servers. Drivers who are due for a calibration and can't perform one due to the company's downtime have been stuck, though the company now states on its website that it's offering 10-day extensions on those calibrations due to its cybersecurity disruption, as well as towing services in some cases. In the meantime, Intoxalock hasn't explained what sort of cyberattack it's facing or whether hackers have obtained any of the company's user data.
Back in March 2023, FBI director Christopher Wray confirmed, for the first time, that the agency had purchased US phone location data. While the FBI had previously paid for phone data from commercial data brokers, instead of seeking a warrant, it had stopped doing so, Wray said. "That's not been active for some time," Wray claimed. Fast-forward three years, and the FBI is once again purchasing location data that can be used to track Americans.
At a Senate hearing on Wednesday, FBI director Kash Patel confirmed that the agency is buying "commercially available information" that he claimed was "consistent with the Constitution" and other laws. "It has led to some valuable intelligence for us," Patel said. The practice involves the FBI buying information from commercial data brokers, which sell huge volumes of data, including phone location information, that is collected by advertising technology baked into apps.
