RISKS-LIST: Risks-Forum Digest Saturday 27 April 2024 Volume 34 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.21>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
AI deepfakes threaten to upend global elections. No one can stop them.
(WashPost)
Tesla's Autopilot and Full Self-Driving linked to hundreds of crashes,
dozens of deaths (The Verge)
Cisco Says Hackers Subverted Its Security Devices to Spy on Governments
(Reuters)
Hackers Use Developing Countries as Testing Ground for New Ransomware
Attacks (Ellesheva Kissin)
9 Disturbing Stories From People Who Say They Found Cameras in Their Airbnb
(Gizmodo)
Millions of IPs remain infected by USB worm years after its
creators left it for dead (ArsTechnica)
Chinese Firm Is America's Favorite Drone Maker, Except in Washington
(NYTimes)
Stop Using Your Face or Thumb to Unlock Your Phone (Gizmodo)
How Google's SGE Could Destroy the Internet (Lauren Weinstein)
FTC questions Amazon's use of disappearing messages on Signal
(WashPost)
FTC says Amazon executives destroyed potential evidence by using
apps like Signal (The Verge)
Tech brands are forcing AI into your gadgets, whether you asked for
it or not (ArsTechnica)
Health insurance giant Kaiser will notify millions of a data breach
after sharing patients’ data with advertisers (TechCrunch)
Chaturbate Owes Texas $675,000 for Not Verifying the Age of Users (Gizmodo)
Android TV has access to your entire account, but Google is changing that
(ArsTechnica)
Health insurance giant Kaiser will notify millions of a data breach after
sharing patients’ data with advertisers (TechCrunch)
We're always fighting the last war (Henry Baker)
Prescient Fiction: 'Forbidden Planet' & 21st C. AI (Henry Baker)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 27 Apr 2024 8:37:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: AI deepfakes threaten to upend global elections. No one
can stop them. (WashPost)

Pranshu Verma and Cat Zakrzewski, *The Washington Post*

Elections from India to Europe have been assailed by AI deepfakes that
spread quickly and are no longer easy to debunk -- leaving voters
vulnerable.

https://www.washingtonpost.com/technology/2024/04/23/ai-deepfake-election-2024-us-india/

------------------------------

Date: Fri, 26 Apr 2024 19:31:09 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Tesla's Autopilot and Full Self-Driving linked to
hundreds of crashes, dozens of deaths (The Verge)

https://www.theverge.com/2024/4/26/24141361/tesla-autopilot-fsd-nhtsa-investigation-report-crash-death

In March 2023, a North Carolina student was stepping off a school bus when
he was struck by a Tesla Model Y traveling at “highway speeds,” according to
a federal investigation that published today. The Tesla driver was using
Autopilot, the automaker’s advanced driver-assist feature that Elon Musk
insists will eventually lead to fully autonomous cars.

The 17-year-old student who was struck was transported to a hospital by
helicopter with life-threatening injuries. But what the investigation found
after examining hundreds of similar crashes was a pattern of driver
inattention, combined with the shortcomings of Tesla’s technology, resulting
in hundreds of injuries and dozens of deaths.

Drivers using Autopilot or the system’s more advanced sibling, Full
Self-Driving, “were not sufficiently engaged in the driving task,” and
Tesla’s technology “did not adequately ensure that drivers maintained their
attention on the driving task,” NHTSA concluded.

------------------------------

Date: Fri, 26 Apr 2024 11:40:26 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Cisco Says Hackers Subverted Its Security Devices to Spy on
Governments (Reuters)

Raphael Satter, *Reuters*, 24 Apr 2024, via ACN TechNews

Cisco Systems on Wednesday said that hackers have subverted some of its
digital security devices to break into government networks globally. In a
blog post, Cisco said its Adaptive Security Appliances had previously
unknown vulnerabilities that had been exploited by a group of hackers they
dubbed "UAT4356." The company described the group as a "sophisticated
state-sponsored actor." Cisco said the vulnerabilities have been patched.

------------------------------

Date: Fri, 26 Apr 2024 11:40:26 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Hackers Use Developing Countries as Testing Ground for New
Ransomware Attacks (Ellesheva Kissin)

Ellesheva Kissin, *Financial Times*, 24 Apr 2024, via ACN TechNews

Cybersecurity firm Performanta reported that businesses in Africa, Asia, and
South America increasingly are being used by hackers as testing grounds for
their latest ransomware before they turn to higher-value targets in North
America and Europe. Recent dry runs in developing countries focused on a
Senegalese bank, a Chilean financial services company, a Colombian tax firm,
and a government economic agency in Argentina.

------------------------------

Date: Fri, 26 Apr 2024 19:47:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: 9 Disturbing Stories From People Who Say They Found Cameras in
Their Airbnb (Gizmodo)

https://gizmodo.com/airbnb-hidden-cameras-shocking-stories-bedroom-night-1851433108

Airbnb announced in March that all indoor security cameras would be banned
at its properties worldwide starting April 30. And if you read through
online complaints about cameras that were discovered during Airbnb stays
over the years, it’s easy to understand why it’s been such a controversial
issue.

Gizmodo filed a Freedom of Information Act request with the FTC for any
consumer complaints filed about Airbnb that involved cameras. Some of the
complaints are fairly mundane, and simply mention how cameras may have been
used to prove things that break the rules at Airbnb properties. But others
are pretty horrifying and involve hidden cameras in places where people
expect privacy.

------------------------------

Date: Fri, 26 Apr 2024 19:57:18 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Millions of IPs remain infected by USB worm years after its
creators left it for dead (ArsTechnica)

https://arstechnica.com/?p=2020055

------------------------------

Date: Fri, 26 Apr 2024 11:40:26 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Chinese Firm Is America's Favorite Drone Maker, Except in Washington
(NYTimes)

Kate Kelly and Julian E. Barnes. *The New York Times*, 25 Apr 2024,
via ACN TechNews

The Countering CCP Drones Act, under consideration by the U.S. Congress,
would threaten the commercial business of DJI, a Chinese drone manufacturer
that dominates sales among U.S. law enforcement agencies and hobbyists. The
legislation would put the company on a Federal Communications Commission
roster that would prevent it from running on U.S. communications
infrastructure. Researchers found vulnerabilities in an app that controls
DJI's drones could be used to access personal data (a U.S. official said all
known vulnerabilities currently have been patched).

------------------------------

Date: Fri, 26 Apr 2024 19:47:58 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Stop Using Your Face or Thumb to Unlock Your Phone (Gizmodo)

Last week, the 9th Circuit Court of Appeals in California released a ruling
that concluded state highway police were acting lawfully when they forcibly
unlocked a suspect's phone using their fingerprint. You probably didn’t hear
about it. The case didn’t get a lot of coverage, especially because the
courts weren’t giving a blanket green light for every cop to shove your
thumb to your screen during an arrest. But it’s another toll of the warning
bell that reminds you to not trust biometrics to keep your phone’s sensitive
info private. In many cases, especially if you think you might interact with
the police (at a protest, for example), you should seriously consider
turning off biometrics on your phone entirely.
https://gizmodo.com/stop-using-your-face-or-thumb-to-unlock-your-phone-1851438205

------------------------------

Date: Sat, 27 Apr 2024 09:26:18 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: How Google's SGE Could Destroy the Internet (Lauren Weinstein)

Google's LLM AI SGE ("Search Generative Experience") could effectively
destroy the Internet for all but the largest sites -- the same
Internet that #Google so effectively helped to build.

This is becoming clear as SGE rolls out to most users, with SGE
"answers" now appearing on a vast number of Google queries. Leaving
aside the serious questions around the accuracy of such responses and
everything associated with that, the mere presence of the responses
could be devastating to most sites.