An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers.
“The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program,” the lawsuit notes. “In Norfolk, no one can escape the government’s 172 unblinking eyes,” it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk’s installation violates that.”
Security researchers have uncovered a new flaw in some AI chatbots that could have allowed hackers to steal personal information from users.
The flaw, which has been named "Imprompter", which uses a clever trick to hide malicious instructions within seemingly-random text.
Read more in my article on the Hot for Security blog.
An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs.
Ecovacs’s privacy policy—available elsewhere in the app—allows for blanket collection of user data for research purposes, including:
- The 2D or 3D map of the user’s house generated by the device
- Voice recordings from the device’s microphone
- Photos or videos recorded by the device’s camera
It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs.
No word on whether the recorded audio is being used to train the vacuum in some way, or whether it is being used to train a LLM.
Slashdot thread.
Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
In episode 19 of "The AI Fix" podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky with Diamonds.
Things can take a terrible turn when a pair of bored students think they're Ethan Hunt, and Mark thinks that an underwater IKEA might be the silver lining to the climate crisis.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase.
Little did he know that the cleaning machine scuttling about his family's feet contained a security flaw that could let anyone see and hear their every move.
Read more in my article on the Hot for Security blog.
From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky's US customers are wondering - what on earth is UltraAV?
All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
The government of Ukraine imposed a ban on the Telegram messaging app being used on official devices belonging to government officials, military staff, and critical infrastructure workers, citing security fears.
Read more in my article on the Hot for Security blog.
It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
There's a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.
Plus - don't miss our featured interview with Maya Irvine of Sysdig.
All this, and a very bad Cockney accent, in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault.