Researchers have demonstrated remotely controlling a wheelchair over Bluetooth.
CISA has issued an advisory.
> CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth
> connections, allowing an attacker who is in Bluetooth range of the targeted
> device to pair with it. The attacker could then control the wheelchair’s
> movements, override speed restrictions, and manipulate configuration profiles,
> all without requiring credentials or user interaction.
Forty years ago, The Mentor—Loyd Blankenship—published “The Conscience of a
Hacker” in Phrack.
> You bet your ass we’re all alike… we’ve been spoon-fed baby food at school
> when we hungered for steak… the bits of meat that you did let slip through
> were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by
> the apathetic. The few that had something to teach found us willing pupils,
> but those few are like drops of water in the desert.
>
> This is our world now… the world of the electron and the switch, the beauty of
> the baud. We make use of a service already existing without paying for what
> could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us
> criminals. We explore… and you call us criminals. We seek after knowledge… and
> you call us criminals. We exist without skin color, without nationality,
> without religious bias… and you call us criminals. You build atomic bombs, you
> wage wars, you murder, cheat, and lie to us and try to make us believe it’s
> for our own good, yet we’re the criminals...
Palo Alto’s crosswalk signals were hacked last year. Turns out the city never
changed the default passwords.

Someone hacked an Italian ferry.
It looks like the malware was installed by someone on the ferry, and not
remotely.

News:
> The Danish Defence Intelligence Service (DDIS) announced on Thursday that
> Moscow was behind a cyber-attack on a Danish water utility in 2024 and a
> series of distributed denial-of-service (DDoS) attacks on Danish websites in
> the lead-up to the municipal and regional council elections in November.
>
> The first, it said, was carried out by the pro-Russian group known as
> Z-Pentest and the second by NoName057(16), which has links to the Russian
> state.
Slashdot thread.

At least some of this is coming to light:
> Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone
> farm to manage at least hundreds of AI-generated social media accounts and
> promote products has been hacked. The hack reveals what products the
> AI-generated accounts are promoting, often without the required disclosure
> that these are advertisements, and allowed the hacker to take control of more
> than 1,000 smartphones that power the company.
>
> The hacker, who asked for anonymity because he feared retaliation from the
> company, said he reported the vulnerability to Doublespeed on October 31. At
> the time of writing, the hacker said he still has access to the company’s
> backend, including the phone farm itself. ...
The Department of Justice has indicted thirty-one people over the high-tech
rigging of high-stakes poker games.
> In a typical legitimate poker game, a dealer uses a shuffling machine to
> shuffle the cards randomly before dealing them to all the players in a
> particular order. As set forth in the indictment, the rigged games used
> altered shuffling machines that contained hidden technology allowing the
> machines to read all the cards in the deck. Because the cards were always
> dealt in a particular order to the players at the table, the machines could
> determine which player would have the winning hand. This information was
> transmitted to an off-site member of the conspiracy, who then transmitted that
> information via cellphone back to a member of the conspiracy who was playing
> at the table, referred to as the “Quarterback” or “Driver.” The Quarterback
> then secretly signaled this information (usually by prearranged signals like
> touching certain chips or other items on the table) to other co-conspirators
> playing at the table, who were also participants in the scheme. Collectively,
> the Quarterback and other players in on the scheme (i.e., the cheating team)
> used this information to win poker games against unwitting victims, who
> sometimes lost tens or hundreds of thousands of dollars at a time. The
> defendants used other cheating technology as well, such as a chip tray
> analyzer (essentially, a poker chip tray that also secretly read all cards
> using hidden cameras), an x-ray table that could read cards face down on the
> table, and special contact lenses or eyeglasses that could read pre-marked
> cards. ...
These days, the most important meeting attendee isn’t a person: It’s the AI
notetaker.
This system assigns action items and determines the importance of what is said.
If it becomes necessary to revisit the facts of the meeting, its summary is
treated as impartial evidence.
But clever meeting attendees can manipulate this system’s record by speaking
more to what the underlying AI weights for summarization and importance than to
their colleagues. As a result, you can expect some meeting attendees to use
language more likely to be captured in summaries, timing their interventions
strategically, repeating key points, and employing formulaic phrasing that AI
models are more likely to pick up on. Welcome to the world of AI summarization
optimization (AISO)...

AI agents are now hacking computers. They’re getting better at all phases of
cyberattacks, faster than most of us expected. They can chain together different
aspects of a cyber operation, and hack autonomously, at computer speeds and
scale. This is going to change everything.
Over the summer, hackers proved the concept, industry institutionalized it, and
criminals operationalized it. In June, AI company XBOW took the top spot on
HackerOne’s US leaderboard after submitting over 1,000 new vulnerabilities in
just a few months. In August, the seven teams competing in DARPA’s AI Cyber
Challenge ...
The case is over:
> A jury has awarded WhatsApp $167 million in punitive damages in a case the
> company brought against Israel-based NSO Group for exploiting a software
> vulnerability that hijacked the phones of thousands of users.
I’m sure it’ll be appealed. Everything always is.