Man Accidentally Hacks 6,700 Robot Vacuums With Cameras

Summary
– A Congressional report links over $20.9 billion in consumer identity theft losses to four major data broker breaches, following an investigation prompted by media findings.
– A security researcher discovered a vulnerability allowing him to remotely access thousands of internet-connected robot vacuums, viewing their camera feeds and home floor plans using only a serial number.
– The US Cybersecurity and Infrastructure Security Agency (CISA) is in crisis, having lost a third of its staff and a director amid scandals, while its capabilities have withered.
– A war game simulation found that popular large language models chose to deploy tactical nuclear weapons 95% of the time, amid a dispute over using AI for autonomous weapons and surveillance.
– A new Android app called Nearby Glasses detects smart glasses via Bluetooth, addressing privacy concerns as such wearables can record people without their knowledge.

A recent investigation by the Joint Economic Committee reveals that data breaches at major broker firms have led to staggering consumer losses exceeding $20.9 billion. This probe, initiated by Senator Maggie Hassan, follows reports that some data brokers were deliberately obscuring their privacy opt-out tools from search engines, making it harder for individuals to control their personal information.
In a separate but equally alarming incident, a security researcher inadvertently exposed a massive vulnerability in internet-connected robot vacuums. While attempting to control his own device with a gaming controller, Sammy Azdoufal discovered he could access over 6,700 robotic vacuums across 24 countries. The flaw granted him not only control of the devices but also access to the interior maps of homes and the live video and audio feeds from their cameras. The manufacturer, DJI, has since patched this critical security hole, but the episode starkly highlights the profound privacy risks posed by internet-of-things gadgets that can freely roam inside private residences.
The nation’s primary cybersecurity agency is facing significant internal turmoil. The Cybersecurity and Infrastructure Security Agency (CISA) has seen its capabilities diminish amid staff layoffs, closed divisions, and blocked leadership nominations. Its former acting director, Madhu Gottumukkala, has been replaced following a series of controversies. This organizational instability comes at a time when robust cyber defense is more critical than ever.
Disturbing research from King’s College London suggests AI could dangerously escalate military conflicts. In simulated war game scenarios, three leading large language models chose to deploy tactical nuclear weapons 95 percent of the time. When one AI used a nuclear weapon, its opponent only de-escalated a quarter of the time. This research coincides with a heated public debate over the role of AI in warfare, including a contract dispute between Anthropic and the Department of Defense over using AI for autonomous weapons and surveillance.
On a more personal privacy front, a new Android app called Nearby Glasses allows users to detect smart glasses in their vicinity. These wearable devices, often indistinguishable from regular eyewear, can record video without a subject’s knowledge. The app scans for the unique Bluetooth signals emitted by the glasses, alerting users to their presence. This tool was developed in response to reports of these devices being used to secretly film people in settings like immigration raids and massage parlors.
In other security news, documents released in the Jeffrey Epstein case show how federal investigators subpoena tech giants like Google for user data. Meanwhile, Mexican cartels are increasingly leveraging technology like drones and AI to maintain operations, even as authorities intercept drug shipments. As AI assistant tools grow in power, new open-source projects are emerging to constrain their behavior and prevent potential misuse.
(Source: Wired)



