Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck
American law This week, authorities dismantled the Aisuru, Kimwolf, JackSkid and Mossad botnets, a series of cybercriminal tools that infected more than 3 million devices worldwide, including many home networks, and were used to carry out record cyberattacks. Meanwhile, hundreds of millions of iPhones are currently vulnerable to control by a new tool called DarkSword, which Russian hackers have used to steal their victims’ data.
Customer service calls and chats with Sears Home Services’ AI bot, Samantha, were exposed and publicly available until a researcher reported the situation, revealing personal details about the calls and chats, including, in some cases, hours of additional audio apparently recorded after customers thought a call was over. And WIRED examined dozens of Telegram channels containing job postings for “AI face models.” The people who land the jobs are mostly women and are likely being used as the face of AI scams to steal victims’ money.
Meta recently announced that it would remove end-to-end encryption protections for Instagram direct messages on May 8, citing low adoption of the feature. The company had long promised default protection for Instagram chat, and experts fear the bait-and-switch could set a dangerous precedent in the tech industry. However, in other Meta encryption news, Signal creator Moxie Marlinspike announced this week that it will be working with the tech giant to integrate its Confer encrypted AI platform into Meta AI in some form.
And there’s more. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
Imagine trying to explain this to your boss: you can’t get to work because your court-mandated breathalyzer won’t let you start the vehicle…not because you drank, you swear, but because this alcohol vapor detection device was deactivated by a cyberattack against the company that manufactures it.
Intoxalock, a manufacturer of automotive breathalyzers that says it is used daily by 150,000 drivers across the United States, reported this week that it had been the target of a cyberattack, resulting in “downtime of its systems,” according to an announcement on its website. Meanwhile, drivers who use the breathalyzers have reported being stranded due to the devices’ inability to connect to the company’s services. “Our vehicles are currently giant paperweights, through no fault of our own,” one wrote on Reddit. “I am held accountable at work and I feel completely helpless.”
The lockouts appear to be the result of Intoxalock’s breathalyzers requiring periodic calibrations requiring a connection to the company’s servers. Drivers who are due for a calibration and can’t complete one due to company downtime are stuck, although the company now says on its website that it is offering 10-day extensions for those calibrations due to the cybersecurity disruption, as well as towing services in some cases. Meanwhile, Intoxalock has not explained what type of cyberattack it is facing or whether hackers have obtained user data from the company.
In March 2023, FBI Director Christopher Wray confirmed for the first time that the agency had purchased telephone location data from the United States. While the FBI had previously paid for phone data from commercial data brokers — instead of seeking a warrant — it stopped doing so, Wray said. “It hasn’t been active for a while,” Wray said. Three years later, the FBI is again purchasing location data that can be used to track Americans.
At a Senate hearing Wednesday, FBI Director Kash Patel confirmed that the agency was purchasing “commercially available information” that he said was “consistent with the Constitution” and other laws. “This allowed us to gain valuable intelligence,” Patel said. This practice involves the FBI purchasing information from commercial data brokers, who sell huge volumes of data, including phone location information, collected by in-app advertising technology.
