To av Norges største teleselskaper hadde en feil som gjorde det mulig å tyvlåne andres telefonnummer.

…

Metoden kalles spoofing og blir brukt av kriminelle til å gjøre svindelforsøk mer troverdige.

…

For Telias del er dette er den femte offentlig kjente sikkerhetshendelsen i år.

No krev Schibsted betaling for at du skal sleppe at dataene dine blir brukte til målretta reklame. Datatilsynet fryktar at personvern er i ferd med å bli ei luksusvare.

…

– Personvern er ein menneskerett som ein ikkje skal betale for, seier direktør i Datatilsynet, Line Coll.

– Personvernforordninga krev at verksemder innhentar samtykke som skal givast frivillig. Datatilsynet set spørsmålsteikn ved om samtykket er reelt sett frivillig dersom alternativet er å betale, held ho fram.

Ho fryktar kva som skjer dersom alle nettstader og appar følgjer etter, og peiker særleg på kva dette har å seie for sårbare grupper.

– Datatilsynet er bekymra for at personvern på internett skal bli reservert for dei rike. Personvernet til andre grupper kan også bli pressa av denne typen løysingar, til dømes barn og unge, eller andre sårbare gruppe som ikkje har høve til å betale eller finne personvernvennlege alternativ, seier Coll.

…

– Etter vårt syn er denne typen løysingar i strid med krava i personopplysningslova. Dette er også bakgrunnen for at vi tidlegare har klaga inn Metas «Pay or OK»-løysing. Saka ligg framleis til behandling hos det irske datatilsynet, seier Myrstad i Forbrukarrådet.

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.

…

[…] security to date has been offensively-dominant: the attack surface isn’t infinite, but it’s large enough to be difficult to defend comprehensively with the tools we’ve had available. This gives attackers an asymmetric advantage, since they only need to find one chink in the armor.

…

Elite security researchers find bugs that fuzzers can’t largely by reasoning through the source code. This is effective, but time-consuming and bottlenecked on scarce human expertise. Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable. So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t.

…

The defects are finite, and we are entering a world where we can finally find them all.

A theft over the weekend of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms.

The attack began on Saturday afternoon when blockchain security firms reported $290 million leaving the crypto platform Kelp. The company confirmed the incident and paused activity while an investigation was conducted.

Cyber sleuths traced the incident back to LayerZero, a cryptocurrency infrastructure developer behind a popular messaging tool allowing decentralized apps to communicate and transfer assets back and forth.

…

LayerZero said the attack was isolated to Kelp and blamed the incident on how Kelp is set up.

…

LayerZero went on to explain that the attackers were able to “manipulate or poison” downstream infrastructure by compromising systems the company relies on to verify transactions. The company said the attackers’ sophisticated tactics prevented security monitoring tools from noticing anomalies.

In order to complete the heist, the hackers also launched a distributed denial-of-service (DDoS) attack on backup systems that may have been able to stop the theft. The tools used to carry out the attack were built to self-destruct once the hackers had finished.

…

If confirmed, the $290 million theft would be yet another blockbuster cryptocurrency robbery launched by hackers from North Korea. Three weeks ago, alleged North Korean groups stole $290 million from the Drift crypto platform in another sophisticated operation involving fake companies, alleged actors and more.

North Korea has waged an unprecedented assault on the crypto industry for more than five years, stealing vast sums each year that U.S. officials say is used to fund Pyongyang’s military weapons program.

The country’s government stole more than $2 billion in similar attacks last year and brought in $3 billion from attacks between 2017 and 2023, according to United Nations investigators.

The Tim Cook story at Apple is an almost poetic arc. Upon arrival, he fundamentally overhauled the way its products would be made, primarily by moving manufacturing to Japan, Taiwan, and China. This groundwork is what allowed him to transform the company when he arrived as CEO, growing it into a global behemoth and working within China to create the best and most precise electronics manufacturing chain anywhere. And that became a problem for him. The Chinese government was able to use that as leverage, and the tie-up became politically untenable in the United States, too. Cook’s precise supply chain management directly led to his appeasement of strongmen.

Mobilkunder hos Telia har siden 2023 vært sporbare via mobilen, inkludert sentrale politikere på Stortinget.

…

NRK har siden testet og innhentet mer dokumentasjon om hvem som er påvirket av feilen.

Undersøkelsene viser at:

• Privatkunder og bedriftskunder med Telia-abonnement kunne spores, så fremt en av telefonene var tilknyttet bedriftsnettet.
• Også bedriftskunder med Phonero, en merkevare av Telia, kunne spores.
• Mobiltelefoner kunne spores selv når de var i utlandet.
• Den oppringte trengte normalt ikke å ta telefonen for å bli sporet.

…

Å utnytte feilen involverte ikke noen form for datainnbrudd eller «hacking». Det holdt å lese av informasjon som ble sendt til mobiltelefonen ved et anrop.

Det krever en viss teknisk innsikt å utnytte feilen, men ingen spesialverktøy.

Det avslørte hvilke basestasjoner den oppringte var tilkoblet. I bynære strøk kan man med denne informasjonen anslå en mobilbrukers posisjon til mellom 100 og 200 meters nøyaktighet.

– Det som undersøkelsene viser nå, er at feilen oppsto ved en konfigurasjonsendring vi gjorde i 2023

Ruter tok bussene fra hverandre og undersøkte dem i et rom der signaler ble isolert.

Der fant de ut at de kinesiske elbussene kan tas kontroll over av produsenten.

Ifølge Ruter har produsenten fjerntilgang til dette på hver enkelt buss:

• Pogramvareoppdatering
• Diagnostikk
• Styringssystem for batteri- og kraftforsyning

«I teorien kan bussen derfor stoppes eller gjøres ubrukelig av produsenten,» melder Ruter.

“We’re two years away from something we could lose control over,” Max Tegmark, an MIT professor and the president of the Future of Life Institute, told me, and AI companies “still have no plan” to stop it from happening. His institute recently gave every frontier AI lab a “D” or “F” grade for their preparations for preventing the most existential threats posed by AI.

…

…the underlying concerns that animate AI doomers have become harder to dismiss as chatbots seem to drive people into psychotic episodes and instruct users in self-mutilation. Even if generative-AI products are not closer to ending the world, they have already, in a sense, gone rogue.

Data made public by Ulf Kristersson’s security revealed his location, routes and movements over several years

…

In 2023 a former Russian submarine commander was killed reportedly with the help of his open Strava profile and last year it was revealed bodyguards to several world leaders were sharing confidential information on the app.

In 2017, Strava was accused of giving away the location and staffing of military bases and spy outposts around the world by publishing a map that showed all of its users’ activity.

asml’s most advanced machine is mind-boggling. It works by firing 50,000 droplets of molten tin into a vacuum chamber. Each droplet takes a double hit—first from a weak laser pulse that flattens it into a tiny pancake, then from a powerful laser that vaporises it. The process turns each droplet into hot plasma, reaching nearly 220,000°C, roughly 40 times hotter than the surface of the Sun, and emits light of extremely short wavelength (extreme ultraviolet, or euv). This light is then reflected by a series of mirrors so smooth that imperfections are measured in trillionths of a metre. The mirrors focus the light onto a mask or template that contains blueprints of the chip’s circuits. Finally the rays bounce from the mask onto a silicon wafer coated with light-sensitive chemicals, imprinting the design onto the chip.

Sweden’s law enforcement and security agencies are pushing legislation to force Signal and WhatsApp to create technical backdoors allowing them to access communications sent over the encrypted messaging apps.

Signal Foundation President Meredith Whittaker said the company would leave the Swedish market before complying with such a law, Swedish news outlet SVT Nyheter reported Monday.

…

Because the bill would mandate that Signal build backdoors in its software, Whittaker told the outlet, it would weaken the messaging app’s entire network.

The Swedish Armed Forces routinely use Signal and are opposing the bill, saying that a backdoor could introduce vulnerabilities that could be exploited by bad actors.

Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.

Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.

But earlier this month the UK government asked for the right to see the data, which currently not even Apple can access.

Apple did not comment at the time but has consistently opposed creating a “backdoor” in its encryption service, arguing that if it did so, it would only be a matter of time before bad actors also found a way in.

Now the tech giant has decided it will no longer be possible to activate ADP in the UK.

It means eventually not all UK customer data stored on iCloud - Apple’s cloud storage service - will be fully encrypted.

Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.

Benedict Evans:

Of course, the UK is within its rights to choose one side of the trade-off in the UK - what’s bizarre here is that the UK is apparently demanding that Apple do this globally. The UK, apparently, is trying to tell a US company what products it can provide to customers in Japan, Australia or indeed the USA. Normally it’s only American regulators that assert global juristiction. But what will the UK government say when China reads this story, and orders Apple to hand over UK citizens’ data, given that it’s now unencrypted and the UK has conceded the principle of jurisdiction? [emphasis added]

The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.

…

In much the same way that nuclear arms systems are designed to require two or more authorized people to successfully authenticate themselves before a missile can be launched, multisig wallets need the digital signatures of two or more authorized people before assets can be accessed.

Bybit was largely following best practices by storing only as much currency as needed for day-to-day activity in warm and hot wallets, and keeping the rest in the multisig cold wallets. Transferring funds out of cold wallets required coordinated approval from multiple high-level employees of the exchange.

…

multiple systems inside Bybit had been hacked in a way that allowed the attackers to manipulate the Safe wallet UI on the devices of each person required to approve the transfer. That revelation, in turn, has touched off something of a eureka moment for many in the industry.

“The Bybit hack has shattered long-held assumptions about crypto security,” Dikla Barda, Roman Ziakin, and Oded Vanunu, researchers at security firm Check Point, wrote Sunday. “No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.”

When sensing defeat in a match against a skilled chess bot, they don’t always concede, instead sometimes opting to cheat by hacking their opponent so that the bot automatically forfeits the game.

…

While cheating at a game of chess may seem trivial, as agents get released into the real world, such determined pursuit of goals could foster unintended and potentially harmful behaviours. Consider the task of booking dinner reservations: faced with a full restaurant, an AI assistant might exploit weaknesses in the booking system to displace other diners. Perhaps more worryingly, as these systems exceed human abilities in key areas, like computer coding—where OpenAI’s newest o3 model now scores equivalent to 197th in the world competing against the brightest human programmers— they might begin to simply outmaneuver human efforts to control their actions. “This [behaviour] is cute now, but [it] becomes much less cute once you have systems that are as smart as us, or smarter, in strategically relevant domains,” Ladish says.

…

While R1 and o1-preview both tried, only the latter managed to hack the game, succeeding in 6% of trials.

…

The paper is the latest in a string of studies that suggest keeping increasingly powerful AI systems under control may be harder than previously thought. In OpenAI’s own testing, ahead of release, o1-preview found and took advantage of a flaw in the company’s systems, letting it bypass a test challenge. Another recent experiment by Redwood Research and Anthropic revealed that once an AI model acquires preferences or values in training, later efforts to change those values can result in strategic lying, where the model acts like it has embraced new principles, only later revealing that its original preferences remain.

…

Scientists do not yet know how to guarantee that autonomous agents won’t use harmful or unethical methods to achieve a set goal. “We’ve tried, but we haven’t succeeded in figuring this out,” says Yoshua Bengio, founder and scientific director of Mila Quebec AI Institute, who led the International AI Safety Report 2025, a global effort to synthesize current scientific consensus of AI’s risks.

Of particular concern, Bengio says, is the emerging evidence of AI’s “self preservation” tendencies. To a goal-seeking agent, attempts to shut it down are just another obstacle to overcome. This was demonstrated in December, when researchers found that o1-preview, faced with deactivation, disabled oversight mechanisms and attempted—unsuccessfully—to copy itself to a new server. When confronted, the model played dumb, strategically lying to researchers to try to avoid being caught.

Whether it’s the echo of beeping tills in a supermarket or the hissing of a coffee machine in your local café, the brain is constantly working to decode hundreds of noises each day.

But, for some, those background noises can become so overwhelming that they distract them from recognising voices or alerts.

…

But Claire Benton, vice-president of the British Academy of Audiology, suggests that by blocking everyday sounds such as cars beeping, there is a possibility the brain can “forget” to filter out the noise.

“You have almost created this false environment by wearing those headphones of only listening to what you want to listen to. You are not having to work at it,” she said.

“Those more complex, high-level listening skills in your brain only really finish developing towards your late teens. So, if you have only been wearing noise-cancelling headphones and been in this false world for your late teens then you are slightly delaying your ability to process speech and noise,” Benton suggests.

Norsk-amerikanske Unacast har blitt utsatt for omfattende datainnbrudd. Nå går Forbrukerrådet i strupen på selskapet.

– Det er fullstendig uansvarlig, sier fagdirektør Finn Myrstad i Forbrukerrådet.

Han snakker om selskaper som lever av å samle inn informasjon om hvor folk har vært, for å bruke det til markedsføring.

Store mengder private data om mobilbrukere over hele verden ble lagt ut på et russisk nettforum. Dataene som hackerne skal ha stjålet, skal være alt fra kundelister til folks lokasjonsdata. De publiserte det de kalte en «smakebit» av informasjonen de stjal.

I disse dataene kan det ligge informasjon om 146.000 nordmenns fysiske plassering.

…

Det er en trussel i seg selv at kommersielle selskaper sitter på så mye data om mobilbrukere, mener Forbrukerrådet.

– Det er en gigantisk svakhet. Det burde ikke vært lov å samle dem inn.

Forbrukerrådet har bedt om et forbud mot markedsføringen basert på dataene.

– Jeg tenker det ligger noe ansvar på politikerne her, sier Myrstad.

I 2022 anbefalte Personvernkommisjonen i en rapport en utredning av et generelt forbud mot atferdsbasert markedsføring.

Stortinget har bedt om det samme. Men ennå har det ikke dukket opp noen utredning. Langt mindre et lovforslag.

Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.

…

Most disturbing for Curry, though, was that they found they could also track the Subaru’s location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry says. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

…

Curry argues that Subaru’s extensive location tracking is a particularly disturbing demonstration of the car industry’s lack of privacy safeguards around its growing collection of personal data on drivers. “It’s kind of bonkers,” he says. “There’s an expectation that a Google employee isn’t going to be able to just go through your emails in Gmail, but there’s literally a button on Subaru’s admin panel that lets an employee view location history.”

Surveillance capabilities used and justified by extreme circumstances often trickle down to be used on lesser crimes.

The leak also included the emails, addresses, and phone numbers of drivers in some cases, Der Spiegel reports.

…

If anything, this leak serves as yet another reminder of the immense amount of data collected by modern-day vehicles, which Mozilla has called a “privacy nightmare.”

Vertical farms, woke AI, and 23andMe made our annual list of failed tech.

Researchers induced bots to ignore their safeguards without exception.

AI chatbots such as ChatGPT and other applications powered by large language models (LLMs) have exploded in popularity, leading a number of companies to explore LLM-driven robots. However, a new study now reveals an automated way to hack into such machines with 100 percent success. By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs.

I saw a suggestion from Siri that I turn on Do Not Disturb until the end of an event in my calendar – a reservation at a restaurant from 8:30 until 10:00 this morning. No such matching event was in Fantastical. It was, however, shown in the Calendar app as a Siri Suggestion.

Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.

Mange tusen kinesiske biler ruller nå på norske veier. Sikkerhetsekspert advarer om potensialet for overvåkning som finnes i disse bilene.

…

I prosjektet de kaller «Lion Cage», som har fått omtale både internasjonalt og i Norge, har de gått grundig gjennom hvordan bilen fungerer, hva slags data den samler inn og hvor den sender dem.

– Vi finner forbausende mye datatrafikk mellom bilen og Kina. Det var en overraskelse. Vi hadde ikke forventa det, sier han.

Prosjektet har funnet ut at bilen kommuniserer med USA, Canada, Kina, men også Russland og Australia.

– Og så ser vi også hvor mye data som sendes. Det er ganske interessant. Selv om bilen er slått av, så vil bilen kommunisere.

…

Årsaken til at sikkerhetsekspertene har sett så grundig på de kinesiske bilene er den kinesiske etterretningsloven.

Den tolkes av mange som at ethvert kinesisk selskap må samarbeide med myndighetene når de blir bedt om det.

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings – taken inside customers’ houses – to train the company’s AI models.

Ford Motor Company is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car’s historical location and other data, according to a patent application published late last month.

…

Ford quietly walked away from another controversial patent application last October after a firestorm of criticism for its plans for a system that would commandeer vehicles whose owners were late to pay and allow them to repossess themselves.

The largest home robotics company in the world has failed to fix security issues with its robot vacuums despite being warned about them last year.

Without even entering the building, we were able to silently take photos of the (consenting) owner of a device made by Chinese giant Ecovacs.

…

Ecovacs initially said its users “do not need to worry excessively” about Giese’s findings.

After he first revealed the vulnerability in public, the company’s security committee downplayed the issue, saying it requires “specialised hacking tools and physical access to the device”.

It’s hard to square their statement with the reality. All it had taken was my $300 smartphone, and I hadn’t even laid eyes on Sean’s robot until after hacking into it.

Ecovacs eventually said it would fix this security issue. At the time of publication, only some models have been updated to prevent this attack.

Several models — including the latest flagship model released in July this year — remain vulnerable.

Proposed guidelines aim to inject badly needed common sense into password hygiene.

1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
4. Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length.
5. Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
6. Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
7. Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
8. Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., “What was the name of your first pet?”) or security questions when choosing passwords.
9. Verifiers SHALL verify the entire submitted password (i.e., not truncate it).

Social media and online video companies are collecting huge troves of your personal information on and off their websites or apps and sharing it with a wide range of third-party entities, a new Federal Trade Commission (FTC) staff report on nine tech companies confirms.

This post is inspired by the recent and concerning news that Telegram’s CEO Pavel Durov has been arrested by French authorities for its failure to sufficiently moderate content. While I don’t know the details, the use of criminal charges to coerce social media companies is a pretty worrying escalation, and I hope there’s more to the story.

But this arrest is not what I want to talk about today.

What I do want to talk about is one specific detail of the reporting. Specifically: the fact that nearly every news report about the arrest refers to Telegram as an “encrypted messaging app.” Here are just a few examples:

This phrasing drives me nuts because in a very limited technical sense it’s not wrong. Yet in every sense that matters, it fundamentally misrepresents what Telegram is and how it works in practice. And this misrepresentation is bad for both journalists and particularly for Telegram’s users, many of whom could be badly hurt as a result.

The TV business isn’t just about selling TVs anymore. Companies are increasingly seeing viewers, not TV sets, as their most lucrative asset.

Over the past few years, TV makers have seen rising financial success from TV operating systems that can show viewers ads and analyze their responses. Rather than selling as many TVs as possible, brands like LG, Samsung, Roku, and Vizio are increasingly, if not primarily, seeking recurring revenue from already-sold TVs via ad sales and tracking.

How did we get here? And what implications does an ad- and data-obsessed industry have for the future of TVs and the people watching them?

Facing time constraints, Sakana’s “AI Scientist” attempted to change limits placed by researchers.

All five systems tested were found to be ‘highly vulnerable’ to attempts to elicit harmful responses

Any LLM application that interacts with untrusted users—think of a chatbot embedded in a website—will be vulnerable to attack. It’s hard to think of an LLM application that isn’t vulnerable in some way.

Individual attacks are easy to prevent once discovered and publicized, but there are an infinite number of them and no way to block them as a class. The real problem here is the same one that plagued the pre-SS7 phone network: the commingling of data and commands. As long as the data—whether it be training data, text prompts, or other input into the LLM—is mixed up with the commands that tell the LLM what to do, the system will be vulnerable.

But unlike the phone system, we can’t separate an LLM’s data from its commands. One of the enormously powerful features of an LLM is that the data affects the code. We want the system to modify its operation when it gets new training data. We want it to change the way it works based on the commands we give it. The fact that LLMs self-modify based on their input data is a feature, not a bug. And it’s the very thing that enables prompt injection.

A sailing yacht has sunk in Moroccan waters in the Strait of Gibraltar after being rammed by an unknown number of orcas, Spain’s maritime rescue services said.

Two people onboard the vessel, Alboran Cognac, were rescued by a passing oil tanker, after the incident at 0900 local time (0800 BST) on Sunday.

It is the latest in a series of orca rammings of vessels around the Strait of Gibraltar over the past four years.

Scientists are unsure about the exact causes of the behaviour, but believe the highly intelligent mammals could be displaying “copycat” or “playful” behaviour.

Farmers had to stop planting their crops over the weekend as the strongest solar storms since 2003 battered the GPS satellites used by self-driving tractors

…

LandMark Implement, which owns John Deere dealerships in Kansas and Nebraska, warned farmers on Friday to turn off a feature that uses a fixed receiver to correct tractors’ paths. LandMark updated its post Saturday, saying it expects that when farmers tend crops later, “rows won’t be where the AutoPath lines think they are” and that it would be “difficult - if not impossible” for the self-driving tractor feature to work in fields planted while the GPS systems were hampered.

This is another attack that convinces the AI to ignore road signs:

The UK is the first country to ban default passwords on IoT devices.

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.

Note that exploiting the vulnerability requires running a malicious app on the target computer. So it could be worse. On the other hand, like many of these hardware side-channel attacks, it’s not possible to patch.

Researchers have discovered a new way to hack AI assistants that uses a surprisingly old-school method: ASCII art. It turns out that chat-based large language models such as GPT-4 get so distracted trying to process these representations that they forget to enforce rules blocking harmful responses, such as those providing instructions for building bombs.

Edina police suspect that nine burglaries in the last six months have been undertaken with Wi-Fi jammer(s) deployed to ensure incriminating video evidence wasn’t available to investigators.

…

Worryingly, Wi-Fi jamming is almost a trivial activity for potential thieves in 2024. KARE11 notes that it could buy jammers online very easily and cheaply, with prices ranging from $40 to $1,000. Jammers are not legal to use in the U.S. but they are very easy to buy online.

LexisNexis, which generates consumer risk profiles for the insurers, knew about every trip G.M. drivers had taken in their cars, including when they sped, braked too hard or accelerated rapidly.

With iOS 17.4 released, you can go to Settings → Face ID & Passcode → Stolen Device Protection and make the security delay required even when you are at a familiar location.

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Canada’s largest airline has been ordered to pay compensation after its chatbot gave a customer inaccurate information, misleading him into buying a full-price ticket.

Air Canada came under further criticism for later attempting to distance itself from the error by claiming that the bot was “responsible for its own actions”.