RISKS-LIST: Risks-Forum Digest Monday 29 Jul 2024 Volume 34 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.38>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Lithium Battery Fire Traps Drivers in Sweltering Heat on 'California Highway
(The New York Times)
Spy v spy v spy: Jamming home wifi's by crims & cops (Henry Baker)
Lawmaker uses AI voice clone to address Congress (BBC via Matthew Kruk)
AI May Save Us, or May Construct Viruses to Kill Us (NYTimes)
Robots sacked, screenings shut down: a new movement of Luddites is rising up
against AI (Ed Newton-Rex)
Restrictions on AI training data (NYTimes via Jim Geissman)
Apple signs on to Biden's responsible AI guidelines (Politico)
Crypto fanatics flock to Trump, hoping to *make bitcoin great again*.
(WashPost)
Devastating ransomware attack shuts down L.A. County courts
Proofpoint Email Routing Flaw Exploited to Send Millions
of Spoofed Phishing Emails (The Hacker News)
Prominent Short Seller Made Millions Off Bait-and-Switch Scheme,
U.S. Says (NYTimes)
Secure Boot is completely broken on 200+ models from 5 big device makers
(Ars Technica)
Hackers steal call records of 'nearly all' AT&T customers (BBC)
Security Firm Discovers Remote Worker Is North Korean Hacker (Michael Kan)
New Israeli Spyware (Israel News)
Windows resiliency: Best practices and the path forward
(MS vis PGN)
Google reverts TV YouTube app to original search history behavior
(Lauren Weinsteain)
CrowdStrike and fuzz testing (Martin Ward)
Re: U.S. Gender Care Is Ignoring ... (Julizn Bradford)
Re: Switzerland now requires all government software to be open source
(Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 28 Jul 2024 01:29:04 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Lithium Battery Fire Traps Drivers in Sweltering Heat on 'California Highway (The New York Times)

Traffic was at a standstill for hours on a portion of I-15 near Baker,
Calif., after a truck carrying lithium batteries overturned and caught
fire. [...]

Drivers were stuck in traffic in 109-degree heat on a California highway
on Saturday for hours as the authorities struggled to extinguish a fire
involving a truck carrying lithium ion batteries that had overturned on
Friday.

“Multiple attempts were made to move the container from the freeway
shoulder to open land using heavy equipment,” the San Bernardino County
Fire Protection District said on social media on Saturday. “However, the
container’s weight, exceeding 75,000 pounds, has made these efforts
unsuccessful so far.”

https://www.nytimes.com/2024/07/27/us/battery-fire-traffic-nevada-california.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

------------------------------

Date: Sun, 28 Jul 2024 22:07:16 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Spy v spy v spy: Jamming home wifi's by crims & cops

Those wifi cameras that you just installed to spy on your own home (and
AirBnB guests?):

Jammed by both crims and cops!

FCC: "Yes, Wi-Fi devices that comply with FCC technical standards **must
accept interference**, including interference that may cause undesired
operation. This is because the FCC's Part 15 federal regulation limits the
amount of electromagnetic interference that electronic devices can cause,
and requires that they operate without interfering with authorized radio
services."

https://www.pcworld.com/article/2405434/burglars-are-jamming-wi-fi-security-cameras.html

Burglars are jamming Wi-Fi security cameras -- here's what you can do

Tech-savvy thieves are finding new ways to circumvent wireless networked
security cameras like Ring and Nest.

By Michael Crider Staff Writer, PCWorld Jul 22, 2024 9:24 am PDT

https://www.404media.co/dhs-has-a-ddos-robot-to-disable-internet-of-things-booby-traps-inside-homes/

DHS Has a DoS Robot to Disable Internet of Things 'Booby Traps' Inside
Homes

Jason Koebler Jul 22, 2024 at 9:50 AM

"NEO carries an onboard computer and **antenna array** that will allow
officers the ability to create a 'denial-of-service' event to disable
'Internet of Things' devices that could potentially cause harm while
entry is made."

....
https://www.fcc.gov/document/consumer-alert-using-or-importing-jammers-illegal

CONSUMER ALERT: Using or Importing Jammers is Illegal

https://www.fcc.gov/general/jammer-enforcement "Local law enforcement
agencies do ***not*** have independent authority to use jamming
equipment; in certain limited exceptions use by Federal
law-enforcement agencies is authorized in accordance with applicable
statutes.

------------------------------

Date: Thu, 25 Jul 2024 21:57:30 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Lawmaker uses AI voice clone to address Congress

We talk about the risks of AI. Thought I'd pass along a non-risk, indeed a
benefit. Let's hope for more.

https://www.bbc.com/news/videos/c728q850e5do

Virginia Congresswoman Jennifer Wexton used an artificial intelligence (AI)
programme to address the House on Thursday. A year ago, the lawmaker was
diagnosed with progressive supranuclear palsy, which makes it difficult for
her to speak.

The AI programme allowed Wexton to make a clone of her speaking voice using
old recordings of appearances and speeches she made in Congress. Wexton
appears to be the first person to speak on the House floor with a voice
recreated by AI.

[Indeed, a positive use for something that is so easily misused. PGN]

------------------------------

Date: Sat, 27 Jul 2024 22:25:52 -0600
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: AI May Save Us, or May Construct Viruses to Kill Us
(NYTimes)

https://www.nytimes.com/2024/07/27/opinion/ai-advances-risks.html

Here’s a bargain of the most horrifying kind: For less than $100,000,
it may now be possible to use artificial intelligence to develop a
virus that could kill millions of people.

That’s the conclusion of Jason Matheny, the president of the RAND
Corporation, a think tank that studies security matters and other
issues.

“It wouldn't cost more to create a pathogen that’s capable of killing
hundreds of millions of people versus a pathogen that’s only capable
of killing hundreds of thousands of people,” Matheny told me.

In contrast, he noted, it could cost billions of dollars to produce a new
vaccine or antiviral in response.

------------------------------

Date: Mon, 29 Jul 2024 06:50:26 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Robots sacked, screenings shut down: a new movement of Luddites is
rising up against AI (Ed Newton-Rex)

Robots sacked, screenings shut down: a new movement of luddites is
rising up against AI

Earlier this month, a popular lifestyle magazine introduced a new “fashion
and lifestyle editor” to its huge social media following. “Reem”
<https://sheerluxe.com/fashion/meet-our-new-ai-enhanced-editor-reem>, who on
first glance looked like a twentysomething woman who understood both fashion
and lifestyle, was proudly announced as an “AI enhanced team member”. That
is, a fake person, generated by artificial intelligence. Reem would be
making product recommendations to SheerLuxe’s followers – or, to put it
another way, doing what SheerLuxe would otherwise pay a person to do. The
reaction was entirely predictable: outrage
<https://www.bbc.com/news/articles/c3gw720vz3lo>, followed by a hastily
issued apology. One suspects Reem may not become a staple of its editorial
team.

This is just the latest in a long line of walkbacks of “exciting AI
projects” that have been met with fury by the people they’re meant to
excite. The Prince Charles Cinema in Soho, London, canceled
<https://www.bbc.co.uk/news/articles/cjll3w15j0yo.amp> a screening of an
AI-written film in June, because its regulars vehemently objected. Lego was
pressured <https://www.axios.com/2024/03/15/lego-ai-ninjago-images> to take
down a series of AI-generated images it published on its website. Doctor Who
started experimenting with generative AI, but quickly stopped after a wave
of complaints.
<https://gizmodo.com/doctor-who-ai-bbc-complaints-response-disney-plus-1851363443>
A company swallows the AI hype, thinks jumping on board will paint it as
innovative, and entirely fails to understand the growing anti-AI sentiment
taking hold among many of its customers.

Behind the backlash is a range of concerns about AI. Most visceral is its
impact on human labour: the chief effect of using AI in many of these
situations is that it deprives a person of the opportunity to do the same
work. Then there is the fact that AI systems are built by exploiting the
work
<https://www.noemamag.com/the-exploited-labor-behind-artificial-intelligence/>
of the very people they’re designed to replace, trained on their creative
output and without paying them. The technology has a tendency to sexualise
women
<https://www.theguardian.com/technology/2023/feb/08/biased-ai-algorithms-racy-women-bodies>,
is used to make deepfakes, has caused tech companies to miss climate targets
<https://www.theguardian.com/business/article/2024/jul/04/can-the-climate-survive-the-insatiable-energy-demands-of-the-ai-arms-race>
and is not nearly well enough understood for its many risks to be
mitigated. This has understandably not led to universal adulation. As Hayao
Miyazaki, the director of Studio Ghibli, the world-renowned animation
studio, has said: “I am utterly disgusted … I strongly feel that [AI] is an
insult to life itself.” [...]