In perhaps the most adorable hacking story of the year, a trio of technologists in India found an innovative way to bypass Apple’s location restrictions on the AirPods Pro 2 so they could enable the headphones’ hearing aid feature for their grandmothers. The hack involved a homemade Faraday cage, a microwave, and a lot of trial and error.
At the other end of the spectrum of technological advances, the US military is currently testing an AI-enabled machine gun that is capable of automatically targeting swarms of drones. The Bullfrog, built by Allen Control Systems, is one of several advanced weapons technologies being worked on to combat the growing threat of small, cheap drones on the battlefield.
The U.S. Department of Justice announced this week that an 18-year-old California man admitted to carrying out or orchestrating more than 375 swatting attacks across the United States.
Then, of course, there is the Donald Trump of it all. This week we published a practical guide to protecting yourself from government surveillance. Of course, WIRED has covered the dangers of government surveillance for decades. But when the president-elect explicitly threatens to jail his political enemies, whoever they may be, it’s probably a good time to brush up on your digital best practices.
In addition to potential surveillance of American citizens, U.S. Immigration and Customs Enforcement began ramping up its surveillance arsenal the day after Trump won re-election. Meanwhile, experts expect the incoming administration to roll back cybersecurity regulations instituted during Joe Biden’s presidency while taking a tougher line against state-sponsored adversary hackers. And if all this political turmoil has you in the mood to protest, be warned: Research published jointly by WIRED and The Marshall Project found that mask bans instituted in several states add a complicated new layer to the exercise of free speech.
And that’s not all. Each week, we round up the privacy and security news that we didn’t cover in depth. Click on the headlines to read the full stories and stay safe.
In August 2016, approximately 120,000 bitcoins (worth around $71 million at the time) were stolen in a hack of the Bitfinex cryptocurrency exchange. Then, in 2022, after the value of cryptocurrencies had skyrocketed, law enforcement officials in New York arrested husband and wife Ilya Lichtenstein and Heather Morgan in connection with the hack and the laundering of a highly inflated $4.5 billion in stolen cryptocurrencies. (At that time, law enforcement investigators recovered $3.6 billion of the funds.)
This week, after pleading guilty in 2023, Lichtenstein was sentenced to five years in prison for carrying out the hack and laundering the profits. With subsequent cryptocurrency spikes and additional seizures related to the hack, the US government has now been able to recover more than $10 billion in assets. A series of operational security failures by Lichtenstein made much of the illicit cryptocurrency easy for officials to confiscate, but investigators also applied sophisticated cryptocurrency tracing methods to discover how the funds had been stolen and subsequently moved.
Aside from the brazen scale of the heist, Lichtenstein and Morgan gained prominence and ridicule online after their arrests due to a series of Forbes articles written by Morgan and rap videos posted on YouTube under the name “Razzlekhan”. Morgan, who also pleaded guilty, will be sentenced Nov. 18.
Fraudsters are increasingly adopting AI as part of their criminal tools, using the technology to create deepfakes, translate scripts and make their operations more efficient. But artificial intelligence is also being turned against scammers. British telecommunications company Virgin Media and its mobile operator O2 have created a new “AI grandmother” that can answer phone calls from scammers and keep them talking. The system uses different AI models, according to The Register, which listen to what a scammer says and respond immediately. In one case, the company says it kept a scammer on the line for 40 minutes and provided others with false personal information. Unfortunately, the system (at least for the moment) cannot directly answer calls made to your phone; instead, O2 created a specific phone number for the system, which the company says it managed to place on lists of numbers that scammers call.
In a new legal strategy for those trying to hold commercial spyware providers accountable, lawyer Andreu Van den Eynde, who was allegedly hacked with NSO Group’s spyware, directly accuses two of the company’s founders, Omri Lavie and Shalev Hulio, and one of its executives, Yuval Somekh, of computer hacking crimes in a lawsuit. Iridia, a Barcelona-based human rights nonprofit, announced this week that it filed the complaint with a Catalan court. Van den Eynde was reportedly the victim of a hacking campaign that used NSO’s famous Pegasus spyware against at least 65 Catalans. Van den Eynde and Iridia originally sued NSO Group in a Barcelona court in 2022 along with its subsidiaries Osy Technologies and Q Cyber Technologies. “The people responsible for NSO Group have to explain their specific activities,” wrote a legal representative of Iridia and Van den Eynde in the complaint, written in Catalan and translated by TechCrunch.
Research published this week by mobile device management company Jamf found that hackers linked to North Korea have been working to implant malware inside macOS applications built with a particular open source software development kit. The campaigns focused on cryptocurrency-related targets and involved infrastructure similar to systems that have been used by North Korea’s notorious Lazarus Group. It is unclear whether the activity resulted in an actual compromise of the victim or whether it was still in a testing phase.
Financially motivated, state-backed hackers are less likely to use malware targeting Apple Mac computers than hacking tools that infect Microsoft Windows or Linux desktops and servers. So when Mac malware emerges, it is usually a niche case, but it can also be a telling indicator of trends and priorities among hackers.