Subject: Risks Digest 34.51
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sun, 29 Dec 2024 19:23 UTC
Path: news.eternal-september.org!eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix1.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Date: 29 Dec 2024 19:23:04 -0000
Lines: 765
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1735500008.risko@chiron.csl.sri.com3051>
Injection-Info: reader2.panix.com; posting-host="panix1.panix.com:166.84.1.1";
logging-data="28808"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Sunday 29 December 2024 Volume 34 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.51>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: 40% of backlog included here after month mostly offline.
Canada's food supply under threat (CBC)
"Vendor technology" issue briefly grounds AA (NYTimes)
Sol-Ark manufacturer reportedly disables all Deye inverters in the
U.S. (Solarboi)
Stop&Shop Races to Restock Shelves After Cybersecurity Issue (WSJ)
Bank sends $10M CAD of arts funding to scammers (The Star)
Hackers Can Jailbreak Digital License Plates to
Make Others Pay Their Tolls and Tickets (WiReD)
The Paper Passport Is Dying (WiReD)
U.S. to Probe Chinese Chips (Bloomberg)
Finland Boards Russian-linked Oil Tanker after Undersea Cables Cut
(Sky News)
Japan Airlines Hit by Cyber-attack (Sayumi Take)
Mathematicians Found, Fixed Error in 60-year-old Proof
(Alex Wilkins)
State Department's Disinformation Office to Close (CyberScoop)
How to Make the Drone Panic So Very Much Worse (NYTimes)
Taiwan Wants to Build the West's Drone Army (Antoaneta Roussi)
Authorities abroad use phone-cracking tools to install
spyware, report says (WashPost)
Why are teens losing their minds about college applications? This
senior thinks she knows why (CNN)
Startup will brick $800 emotional support robot
for kids without refunds (Ars Technica)
Man versus autonomous car race ends before it begins
(ArsTechnica)
AI traffic cameras could be watching you on the road (NBC News)
Is the Tech Industry on the Cusp of an AI Slowdown? (NYTimes)
ChatGPT search tool vulnerable to manipulation and deception, tests show
(The Guardian)
Microsoft refuses a documentation fix because it might not understand text
in tables (Pivot to AI)
Should you trust an AI-assisted doctor? He visited one to see.
(WashPost)
No longer working and just wait until AI agents come along
(The Conversation)
The Next Great Leap in AI Is Behind Schedule and Crazy Expensive
(Deepa Seetharaman)
How Hallucinatory AI Helps Science Dream Up Breakthroughs
(William J. Broad)
New York City buses using AI to issue mistaken tickets en masse
(NBC NY)
Australia's under-16 social-media ban to use hand-waving to verify ages with
AI (NPR)
Character.AI allegedly told an autistic teen it was OK
to kill his parents. They're suing to take down the app (CNN Business)
U.S. health insurance: Frustrations with care denials (CNN)
Lyme turns Luigi into assassin (Lymedisease.org)
Ubiquitous Walmart Trojan horse (Reuters via Bob Boyer)
What happens when The Internet disappears? (The Verge)
Indiana bakery still used Commodore 64 in 21st century (Boeingboing)
Re: 'palen' in RISKS-34.50 (Robert R. Fenichel)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 26 Dec 2024 14:55:29 -0700
From: Matthew Kruk <mkrukg@gmai
Subject: Canada's food supply under threat (CBC)

https://www.cbc.ca/newsinteractives/features/agri-food-canada-hacking

A string of ransomware attacks, many linked to Russian groups, is worrying
farmers

The oldest piece of equipment on Chris McLaren's southern Ontario dairy farm
is a W4 International, a four-cylinder tractor his grandfather bought in the
1940s.

Among the newest pieces of equipment is an automated calf feeder that reads
a chip in each animal's ear and delivers them preset quantities of heated
milk.

That data is uploaded to a server, and McLaren receives alerts on his phone
if one of his calves isn't drinking enough. If the machine breaks down, a
technician can fix it remotely.

``As farms get bigger and bigger, there gets to be more strain on the time
for the owner and operators of the farm. So moving towards technology allows
you to manage the cattle better,'' said McLaren, whose family has owned the
farm for nearly 160 years.

------------------------------

Date: Tue, 24 Dec 2024 08:47:25 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: "Vendor technology" issue briefly grounds AA (NYTimes)

NYT 24 Dec 2024

American Airlines briefly grounded all its flights in the United States on
Tuesday morning, according to a notice from the Federal Aviation
Administration.

The regulator said just before 8 a.m. E.T. that the airline was resuming
flights after suspending them for about an hour.

American said in a statement that it had experienced a vendor technology
issue that affected systems needed to release flights. But the problem was
resolved and flights were resumed.

The airline told customers on social media
<https://x.com/AmericanAir/status/1871520528206295120> that it was
experiencing "a technical issue." In comments to frustrated travelers, it
said it was working to rectify the situation.

------------------------------

Date: Sat, 30 Nov 2024 01:19:50 -0500
From: s teschker <steschker@gmail.com>
Subject: Sol-Ark manufacturer reportedly disables all Deye inverters in the
U.S. (Solarboi)

https://solarboi.com/2024/11/17/sol-ark-oem-disables-all-deye-inverters-in-the-us/

------------------------------

Date: Sat, 23 Nov 2024 22:32:19 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Stop&Shop Races to Restock Shelves After Cybersecurity Issue
(WSJ)

A disruption within the U.S. unit of parent company Ahold Delhaize led to
shortages of produce, meat and dairy products

https://www.wsj.com/articles/stop-shop-races-to-restock-shelves-after-cybersecurity-issue-ba45accb

------------------------------

Date: Sun, 1 Dec 2024 12:06:05 -0500
From: Ed Ravin <eravin@panix.com>
Subject: Bank sends $10M CAD of arts funding to scammers (The Star)

A months-long con with a big payoff - FACTOR, a Canadian arts
organization that distributes grants, received a wad of cash from
the government to pass through to other arts organizations. But when
the money came in, most of it ($10M CAD, around $7.2M U.S.D) was spirited
away:

Five months earlier, FACTOR alleges Scotiabank issued a
digital token to the unauthorized user, who went on to access
the organization’s accounts using an email address “visibly
unrelated to the organization.” Within minutes of the transfer,
the filings state, the user deleted a legitimate FACTOR employee,
along with the organization’s CEO, as authorized users on the
account.

[..] the funds were then wired to the Scotiabank account of a
numbered company in Quebec [...]. From there, the money was
allegedly transferred to a company that converted
it into cryptocurrency.

Full details at:

https://www.thestar.com/entertainment/music/factor-says-scotiabank-failed-to-report-10m-theft-of-money-meant-for-canadian-artists/article_15c1a092-ade3-11ef-8737-b382f3df9261.html

Large enterprises know they have to audit access to important accounts;
a hardware token with root authority issued to a "foreign" email address
would be a big red flag. But smaller organizations are not likely to be
so cyber-savvy or even be aware such a risk exists.

------------------------------

Date: Tue, 17 Dec 2024 13:38:48 -0700
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Hackers Can Jailbreak Digital License Plates to
Make Others Pay Their Tolls and Tickets (WiReD)

Andy Greenberg, WIRED, Dec 16, 2024 6:00 AM

Digital license plates, already legal to buy in a growing number of
states and to drive with nationwide, offer a few perks over their
sheet metal predecessors. You can change their display on the fly to
frame your plate number with novelty messages, for instance, or to
flag that your car has been stolen. Now one security researcher has
shown how they can also be hacked to enable a less benign feature:
changing a car's license plate number at will to avoid traffic tickets
and tolls—or even pin them on someone else.

https://www.wired.com/story/digital-license-plate-jailbreak-hack/

[Also noted by Gabe Goldberg and Steve Bacher. PGN]

------------------------------

Date: Fri, 27 Dec 2024 16:06:12 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Paper Passport Is Dying (WiReD)

Smartphones and face recognition are being combined to create new digital
travel documents. The paper passport’s days are numbered—despite new privacy
risks.

https://www.wired.com/story/the-paper-passport-is-dying/

[The forgers are already licking their chips. PGN]

------------------------------

Date: Fri, 27 Dec 2024 11:59:33 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. to Probe Chinese Chips (Bloomberg)

Gregory Korte and Josh Wingrove, Bloomberg (12/23/24)

The U.S. on Monday initiated a trade investigation into China's production
of older types of computer chips, which could ultimately result in tariffs
or other measures, though any decision would be left to the incoming
administration. Chinese companies have been ramping up their production of
these foundational chips, which continue to power a wide variety of
machinery and appliances. "We need resilient supply chains for these chips,
because we saw what happened during COVID when we needed a chip but we can't
have it," said Commerce Secretary Gina Raimondo.

