RISKS-LIST: Risks-Forum Digest Friday 28 April 2023 Volume 33 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.69>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: Way backlogged. Items coming in too frequently!!! PGN
Farmers crippled by satellite failure as GPS-guided tractors grind to a halt
(Sydney Morning Herald)
GPS clock turnover -- again and again (GPS)
Russian pranksters posing as Zelensky trick Fed Chair Jerome Powell
(WashPost)
Large amount of content missing from RISKS-33.68 (Steve Bacher)
There's a new form of keyless car theft that works in under 2 minutes
(Ars Technica)
eFile tax website served malware to visitors for weeks (AppleInsider)
California Man Falls In Love With AI Chatbot Phaedra (India Times)
Actor kicked out of Facebook for impersonating his stage character
(Amos Shapir)
*Intelligence leak* (Rob Slade)
Fox News vs Dominion Voting Systems (NYTimes articles via PGN)
The Crypto Detectives Are Cleaning Up (The New York Times)
To avoid an AI *arms race*, the world needs to expand scientific
collaboration (Charles Oppenheimer)
ChatGPT falsely told voters their mayor was jailed for bribery. (WashPost)
Why regulators in Canada and Italy are digging into ChatGPT's use of
personal information (CBC)
ChatGPT is making up fake Guardian articles. Here's how we are responding
(The Guardian)
ChatGPT detector tools resulting in false accusations of students for
cheating (USA Today)
On the Impossible Security of Very Large Foundation Models (El-Mhamedi via
Prashanth Mundkur)
AI vs the culture industry (Politico)
In AI Race, Microsoft and Google Choose Speed Over Caution (NYTimes)
AI is now indistinguishable from reality (via geoff goodfellow)
In Defense of Merit in Science (via geoff goodfellow)
ICE Records Reveal How Agents Abuse Access to Secret Data (WiReD)
Security breaches covered up by 30% of companies, reveals study (9to5mac)
Why it's hard to defend against AI prompt injection (The Register)
Lawmakers Introduce Bill to Keep AI from Going Nuclear (nextgov.com)
Mercenary spyware hacked iPhone victims with rogue calendar invites,
researchers say (Tech Crunch)
Chinese spy balloon gathered intelligence from sensitive U.S. military
sites, despite U.S. efforts to block it (NBC News)
Nearly eight years of breath test results cannot be used in drunk-driving
prosecutions, SJC rules (The Boston Globe)
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks (WiReD)
Re: Metro operator investigated for using automation system without
clearance (Steve Bacher)
Re: OpenSSL KDF and secure by default (Cliff Kilby)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 19 Apr 2023 07:46:44 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Farmers crippled by satellite failure as GPS-guided tractors grind
to a halt (Sydney Morning Herald)

Tractors have ground to a halt in paddocks across Australia and New Zealand
because of a signal failure in the satellite farmers use to guide their
GPS-enabled machinery, stopping them from planting their winter crop.

The satellite failure on Monday was a bolt from the blue for farmers in NSW
and Victoria, who were busy taking advantage of optimal planting conditions
for crops including wheat, canola, oats, barley and legumes.

``You couldn't have picked a worse time for it,''D said Justin Everitt, a
grain grower in the Riverina who heads NSW Farmers' grains committee.
``Over the past few years, all these challenges have been thrown at us, but
this is just one we never thought would come up.''

Tractors that pull seed-planting machinery, as well as the massive combine
harvesters that reap Australia's vast grain crops, are high-tech beasts that
can cost hundreds of thousands of dollars.

They are enabled with GPS tracking and can be guided to an accuracy within
two centimetres, enabling seed-planting equipment to sow crops with
precision to drive up efficiency, prevent wastage and boost environmental
sustainability.

All that went out the window when the Inmarsat-41 satellite signal failed.

Katie McRobert, general manager at the Australia Farm Institute, said
Australian farmers sourced their GPS signal from one satellite, which was a
critical risk to rural industries.

Having all your GPS eggs in one basket is a vulnerability on a good day,
and a fatal weakness on a bad one,'' McRobert said.

``If the Medibank and Optus data breaches didn't make the agriculture
industry sit up and take notice, the implementation of kill switches on
stolen Ukrainian tractors in 2022 should have been a three-alarm wake-up
call. [...]

https://www.smh.com.au/national/farmers-crippled-by-satellite-failure-as-gps-guided-tractors-grind-to-a-halt-20230418-p5d1de.html

------------------------------

Date: Fri, 7 Apr 2023 13:21:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: GPS clock turnover -- again and again

Bernie Cosell asked Victor Miller a question, which Victor
referred to me.

This is very strange: this morning, my cell phone thinks it is August 18th
2003. It is *supposed* to get the time/date from the network. What could
have caused this? I guess I can turn the network off and put in the right
time/date by hand, but any ideas how my phone could have gotten so
confused??

Apparently it's just one more 1024-week turnover, as reported in RISKS-20.07
The reset is apparently receiver-dependent, e.g., resetting to 6 Jan 1980 or
the previous reset date, as in Bernie's case:

THE POTENTIAL RESETTING OF GLOBAL POSITIONING
SYSTEM (GPS) RECEIVER INTERNAL CLOCKS

1 Introduction

1.1 The timing mechanism within GPS satellites may cause some GPS
equipment to cease to function after 22 August 1999 due to a coding
problem. The GPS measures time in weekly blocks of seconds starting from 6
January 1980. For example, at midday on Tuesday 17 September 1996, the
system indicates week 868 and 302,400 seconds. However, the software in
the satellites' clocks has been configured to deal with 1024
weeks. Consequently on 22 August 1999 (which is week 1025, some GPS
receivers may revert to week one (i.e., 6 January 1980).

1.2 Most airborne GPS equipment manufacturers are aware of the potential
problem and either have addressed the problem previously, or are working
to resolve it. However, there may be some GPS equipment (including
portable and hand held types) currently used in aviation that will be
affected by this potential problem.

2 Action to be taken by Aircraft Operators Aircraft operators, who use GPS
equipment (including portable and hand held types), as additional radio
equipment to the approved means of navigation, should enquire from the GPS
manufacturer whether the GPS equipment will exhibit the problem. Equipment
that exhibits the problem must not be used after 21 August 1999 and either
be removed from the aircraft or its operation inhibited.

For the Civil Aviation Authority, Safety Regulation Group, Aviation House,
Gatwick Airport South, West Sussex RH6 OYR

Does anyone know if there have been any desire to automagically fix this
problem? or do we just continue to kick the can down another 1024 days?
PGN

------------------------------

Date: Thu, 27 Apr 2023 22:49:16 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Russian pranksters posing as Zelensky trick Fed Chair Jerome Powell
(WashPost)

https://www.washingtonpost.com/business/2023/04/27/russian-pranksters-posing-zelensky-trick-fed-chair-jerome-powell/

------------------------------

Date: Sat, 8 Apr 2023 08:49:47 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Large amount of content missing from RISKS-33.68

And this is no April Fool's joke, is it. All of the articles from " In Gen
Z's world of dupes, fake is fabulous -- until you try it on
<https://catless.ncl.ac.uk/Risks/33/68#subj2>" through " AI-Powered Vehicle
Descriptions: Save Money, Save, Time, Sell More!
<https://catless.ncl.ac.uk/Risks/33/68#subj9>" are missing. The first
article ends with a link from the ninth article, which was strange in
itself.

[I don't think I have ever had an emacs moment like this, Where I managed
to lose a large chunk of something without immediately noticing it and
being able to yank the deleted text back -- in this case *after* the
complete issue had been spelling checked and date checked, all set up with
the final insertion of the grep-generated ToC in the right order. Perhaps
I tried incorrectly to move one item to a different position in the issue.
If anyone has a pargticular hankering for the missing items, you might try
browsing on the Subject: line of the missing item. I am very short of
spare time at the moment, and seriously backlogged since 7 April. I also
may have lost a few items from the week before 1 April in the shuffle.
However, now it feels like water under the bridge. Here's a start.
Bummer. PGN]