Customer service calls and chats with the Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation—revealing personal details from calls and chats, including, in some cases, hours of extra audio seemingly recorded after customers thought a call had ended. And WIRED reviewed dozens of Telegram channels containing job listings for “AI face models.” The people who land the jobs are mostly women and are likely being used as the face of AI scams to steal victims’ money.
Meta recently announced that it will eliminate end-to-end encryption protections for Instagram Direct Messages on May 8, citing low adoption of the feature. The company had long promised the protection as a default for Instagram chat, and experts fear that the bait and switch could set a dangerous precedent in the tech industry. In other Meta encryption news, though, Signal creator Moxie Marlinspike announced this week that he will collaborate with the tech giant to integrate his encrypted AI platform Confer into Meta AI in some form.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. And stay safe out there.
Imagine trying to explain this one to your boss: You can’t get to work because your court-mandated breathalyzer won’t let you start the vehicle—not because you’ve been drinking, you swear, but because that alcohol-vapor-detecting device has been disabled by a cyberattack on the company that makes it.
Intoxalock, an automotive breathalyzer maker that says it’s used daily by 150,000 drivers across the US, this week reported that it had been the target of a cyberattack, resulting in its “systems currently experiencing downtime,” according to an announcement posted to its website. Meanwhile, drivers that use the breathalyzers have reported being stranded due to the devices’ inability to connect to the company’s services. “Our vehicles are giant paperweights right now through no fault of ours,” one wrote on Reddit. “I’m being held accountable at work and feel completely helpless.”
The lockouts appear to be the result of Intoxalock’s breathalyzers needing periodic calibrations that require a connection to the company’s servers. Drivers who are due for a calibration and can’t perform one due to the company’s downtime have been stuck, though the company now states on its website that it’s offering 10-day extensions on those calibrations due to its cybersecurity disruption, as well as towing services in some cases. In the meantime, Intoxalock hasn’t explained what sort of cyberattack it’s facing or whether hackers have obtained any of the company’s user data.
Back in March 2023, FBI director Christopher Wray confirmed, for the first time, that the agency had purchased US phone location data. While the FBI had previously paid for phone data from commercial data brokers—instead of seeking a warrant—it had stopped doing so, Wray said. “That’s not been active for some time,” Wray claimed. Fast-forward three years, and the FBI is once again purchasing location data that can be used to track Americans.
At a Senate hearing on Wednesday, FBI director Kash Patel confirmed that the agency is buying “commercially available information” that he claimed was “consistent with the Constitution” and other laws. “It has led to some valuable intelligence for us,” Patel said. The practice involves the FBI buying information from commercial data brokers, which sell huge volumes of data, including phone location information, that is collected by advertising technology baked into apps.