United States law enforcement this week took down the Aisuru, Kimwolf, JackSkid, and Mossad botnets, a slate of cybercriminal tools that have infected more than 3 million devices around the world, including many inside home networks, and have been used to carry out record-breaking cyberattacks. Meanwhile, hundreds of millions of iPhones are currently vulnerable to takeover by a new tool called DarkSword that Russian hackers used to steal victims’ data.
Customer service calls and chats with the Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation—revealing personal details from calls and chats, including, in some cases, hours of extra audio seemingly recorded after customers thought a call had ended. And WIRED reviewed dozens of Telegram channels containing job listings for “AI face models.” The people who land the jobs are mostly women and are likely being used as the face of AI scams to steal victims’ money.
Meta recently announced that it will eliminate end-to-end encryption protections for Instagram Direct Messages on May 8, citing low adoption of the feature. The company had long promised the protection as a default for Instagram chat, and experts fear that the bait and switch could set a dangerous precedent in the tech industry. In other Meta encryption news, though, Signal creator Moxie Marlinspike announced this week that he will collaborate with the tech giant to integrate his encrypted AI platform Confer into Meta AI in some form.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Imagine trying to explain this one to your boss: You can’t get to work because your court-mandated breathalyzer won’t let you start the vehicle—not because you’ve been drinking, you swear, but because that alcohol-vapor-detecting device has been disabled by a cyberattack on the company that makes it.
Intoxalock, an automotive breathalyzer maker that says it’s used daily by 150,000 drivers across the US, this week reported that it had been the target of a cyberattack, resulting in its “systems currently experiencing downtime,” according to an announcement posted to its website. Meanwhile, drivers that use the breathalyzers have reported being stranded due to the devices’ inability to connect to the company’s services. “Our vehicles are giant paperweights right now through no fault of ours,” one wrote on Reddit. “I’m being held accountable at work and feel completely helpless.”
The lockouts appear to be the result of Intoxalock’s breathalyzers needing periodic calibrations that require a connection to the company’s servers. Drivers who are due for a calibration and can’t perform one due to the company’s downtime have been stuck, though the company now states on its website that it’s offering 10-day extensions on those calibrations due to its cybersecurity disruption, as well as towing services in some cases. In the meantime, Intoxalock hasn’t explained what sort of cyberattack it’s facing or whether hackers have obtained any of the company’s user data.
Back in March 2023, FBI director Christopher Wray confirmed, for the first time, that the agency had purchased US phone location data. While the FBI had previously paid for phone data from commercial data brokers—instead of seeking a warrant—it had stopped doing so, Wray said. “That’s not been active for some time,” Wray claimed. Fast-forward three years, and the FBI is once again purchasing location data that can be used to track Americans.
At a Senate hearing on Wednesday, FBI director Kash Patel confirmed that the agency is buying “commercially available information” that he claimed was “consistent with the Constitution” and other laws. “It has led to some valuable intelligence for us,” Patel said. The practice involves the FBI buying information from commercial data brokers, which sell huge volumes of data, including phone location information, that is collected by advertising technology baked into apps.
