Customer service calls and chats with the Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation — revealing personal details from the calls and chats, which, in some cases, included additional audio recorded hours after customers ended the calls. And WIRED reviewed dozens of Telegram channels with job listings for “AI face models.” Most of those who got jobs are women and are likely being used as the faces of AI scams to steal money from victims.
Meta recently announced that it will eliminate end-to-end encryption protection for Instagram Direct Messages on May 8, citing low adoption of the feature. The company has long promised security as the default for Instagram chats, and experts fear the bait and switch could set a dangerous precedent in the tech industry. However, in other Meta encryption news, Signal creator Moxie Marlinspike announced this week that he will be collaborating with the tech giant to integrate his encrypted AI platform Confer into Meta AI in some form.
There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe out there.
Imagine you’re trying to explain this to your boss: You can’t go to work because your court-ordered breathalyzer won’t let you start the vehicle. Not because you’ve been drinking, you swear, but because the alcohol-vapor-detecting device has been disabled by a cyberattack on the company that makes it.
Intoxalock, the automotive breathalyzer maker that says it is used by 150,000 drivers daily across the U.S., reported this week that it was the target of a cyberattack, resulting in its “systems currently experiencing downtime,” according to an announcement posted on its website. Meanwhile, drivers using the breathalyzers have reported being stranded due to the device’s inability to connect to the company’s services. “Our vehicles have become giant paperweights at this point through no fault of their own,” wrote one on Reddit. “I’m being held accountable at work and I feel completely helpless.”
The lockout appears to result from the periodic calibration that Intoxalock’s breath analyzers need, which requires a connection to the company’s servers. Drivers who are due for a calibration and cannot get one because of the company’s downtime are stuck, although the company now states on its website that it is offering a 10-day extension on those calibrations due to its cybersecurity disruption, as well as towing services in some cases. Meanwhile, Intoxalock has not revealed what type of cyberattack it is facing or whether the hackers obtained any of the company’s user data.
In March 2023, FBI Director Christopher Wray confirmed for the first time that the agency had purchased US phone location data. While the FBI previously paid commercial data brokers rather than seeking warrants for phone data, it had stopped doing so, Wray said. “He hasn’t been active for a while,” Wray claimed. Fast-forward three years, and the FBI is once again purchasing location data that can be used to track Americans.
At a Senate hearing on Wednesday, FBI Director Kash Patel confirmed that the agency is purchasing “commercially available information,” which he claims is “consistent with the Constitution” and other laws. “This has given us some valuable information,” Patel said. Under this practice, the FBI purchases information from commercial data brokers, which sell massive amounts of data, including phone location information collected by advertising technology in apps.