RISKS-LIST: Risks-Forum Digest Thursday 15 February 2024 Volume 34 : Issue 07

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.0xy>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Waymo recalls software after two self-driving cars hit the same truck (CNN)
Tesla's latest screwup involves making the font size of its braking system
too small (The Verge)
OpenAI Gives ChatGPT a Memory (WiReD)
Imran Khan's 'Victory Speech' from Jail Shows AI's Peril, Promise"
(Yan Zhuang)
Threats to Election Systems Prompt U.S. Cybersecurity Agency
to Boost Cooperation with States (Christina A. Cassidy)
Odometers: A voting machine analogue (Jeremy Epstein)
Spying on Security Cameras Through Walls (Rizwan Choudhury)
Cryptography-Breaking Algorithm Upgraded (Madison Goldberg)
How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin's Anonymity (WiReD)
Anxiety, Mood Swings and Sleepless Nights: Life Near a Bitcoin Mine
(NYTimes via Jan Wolitzky)
Amazon Prime Video Ad Tier Sparks Class Action Lawsuit From Subscribers
(Hollywood Reporter)
Noname Storage Devices are not always what they seem (ArsTechnica)
Mozilla lays off 60 people, wants to build AI into Firefox (ArsTechnica)
Robocalls, ringless voicemails and AI: Real estate enters the age of
automation (LA Times)
Uber Fined Almost $11 Million by Dutch Privacy Watchdog (WSJ)
Automatic braking systems don't work at typical speeds?
(Steve Bacher on LA Times coverage)
Chrome devs working on automatic micropayments to websites without
user interactions directly from wallets (The Register)
Small outtakes from a big war, part 4: The end of GPS (Amos Shapir)
Canada declares Flipper Zero public enemy No. 1 in
car-theft crackdown (ArsTechnica)
Google Scholar can be manipulated (arxiv via LW)
Google's and Microsoft's chatbots are making up Super Bowl stats
(TechCrunch)
There's a hole in the boot, part deux (Cliff Kilby)
Amazon hides cheaper items with faster delivery, lawsuit alleges
(ArsTechnica)
Russia Is Using Elon Musk’s Starlink at the Front Line, Ukraine Says
(WSJ)
Tech giants prepare pledge to fight deceptive AI election content (Politico)
Help! His HP Envy doesn't work. Can he get a replacement or a refund?
(Gabe Goldberg)
Re: Why the 737 MAX 9 door plug blew out (Henry Baker)
The Friar Who Became the Vatican's Go-To Guy on AI (NYTimes)
Why Bloat Is Still Software’s Biggest Vulnerability (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 14 Feb 2024 16:11:51 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Waymo recalls software after two self-driving cars hit
the same truck (CNN)

https://www.cnn.com/2024/02/14/business/waymo-recalls-software-after-two-self-driving-cars-hit-the-same-truck/index.html

[Redundancy is supposed to be constructive! PGN]

------------------------------

Date: Fri, 2 Feb 2024 18:40:07 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Tesla's latest screwup involves making the font size
of its braking system too small (The Verge)

https://www.theverge.com/2024/2/2/24059114/tesla-recall-brake-system-font-size-power-steering

------------------------------

Date: Tue, 13 Feb 2024 20:21:54 PST
From: "Peter G. Neumann" <Neumann@CSL.SRI.COM>
Subject: OpenAI Gives ChatGPT a Memory (WiReD)

[Give it a memory so it will remember its previous
misrepresentations, and repeat them??? PGN]

https://www.wired.com/story/chatgpt-memory-openai/

ChatGPT is now like a first date who never forgets the details.

------------------------------

Date: Wed, 14 Feb 2024 11:19:18 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Imran Khan's 'Victory Speech' from Jail Shows AI's Peril, Promise"
(Yan Zhuang)

Yan Zhuang, *The New York Times*, 11 Feb 2024

Despite being imprisoned, former Pakistan Prime Minister Imran Khan has
garnered support for his political party using AI. Khan's AI-generated voice
was used to make a victory speech on Feb. 10, stating that his party,
Pakistan Tehreek-e-Insaf, won the most seats in the general election. The
speech, which featured a disclaimer about the use of AI, rejected the
victory claim of Khan's rival and called on supporters to defend the
election's results

------------------------------

Date: Wed, 14 Feb 2024 11:19:18 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Threats to Election Systems Prompt U.S. Cybersecurity Agency
to Boost Cooperation with States (Christina A. Cassidy)

Christina A. Cassidy, *Associated Press*,8 Feb 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is rolling
out a program to help state and local election officials enhance election
security. The agency hired 10 new people for the program, each with
significant election experience, who will be placed at various locations
nationwide to work alongside staff already performing cyber and physical
security reviews as requested by election offices.

------------------------------

Date: Tue, 13 Feb 2024 10:19:42 -0500
From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
Subject: Odometers: A voting machine analogue

I had a conversation with someone this morning about electronic
odometers in modern cars. If you recall, they were mandated because
the old (mechanical) odometers were being rolled back, allowing used
cars to be sold for higher prices.

Maybe others were aware, but electronic odometers are now rolled
back. If you go to eBay, "odometer correction tools" for ~$300 can
make whatever adjustments you want. They're not subtle -- on one I
looked at, it shows the before and after odometer reading, subtracting
off 40,000 kilometers. (I don't know if the devices are illegal in
the US, or just the act of changing the odometer.) Carfax claims that
rollbacks are up significantly in the past few years (*). I'd imagine
they have some incentive to detecting manipulations, since they could
get sued by the consumer (or state) if they sell vehicles with
tampered odometers.

Anyway, the motivation for moving from paper to [particularly
unauditable] DREs 25 years ago was (in part) to reduce ballot fraud,
and we know how that went. I'm not predicting a return to mechanical
odometers the way we've returned to paper ballots, but I found it an
interesting analogue. Moving to electronic systems doesn't always
have the expected result!

(*) https://www.carfax.com/press/resources/odometer

[This item is repurposed with permission from a list devoted to
trustworthy elections. However, this bit of wisdom also applies to
the audit trails for security, reliability, and trustworthiness
monitoring if they can be surreptitiously altered. PGN]

------------------------------

Date: Wed, 14 Feb 2024 11:19:18 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Spying on Security Cameras Through Walls (Rizwan Choudhury)

Rizwan Choudhury, *Interesting Engineering*, 11 Feb 2024

Northeastern University researchers have developed a way to access video
feeds from home security, dashboard, and smartphone cameras through
walls. The EM Eye technique detects electromagnetic radiation emitted by the
cameras' wires using a radio antenna, decodes the signal, and uses machine
learning to reproduce real-time video without sound at a similar quality as
the original. A test on 12 different types of cameras revealed that,
depending on the model, EM Eye could successfully eavesdrop within a range
of up to 16 feet.

------------------------------

Date: Wed, 14 Feb 2024 11:19:18 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Cryptography-Breaking Algorithm Upgraded (Madison Goldberg)

Madison Goldberg, *WiReD*, 11 Feb 2024

Cryptographers at the University of California, San Diego have developed a
more efficient LLL-style algorithm, based on the original lattice-based
cryptography-breaking algorithm released in 1982. The algorithm, named after
the researchers who published it -- Arjen Lenstra, Hendrik Lenstra Jr., and
L=C2=B7szl=C3=9B Lov=C2=B7sz -- has also proven useful in advanced
mathematical arenas such as computational number theory. The new algorithm
can break tasks down into smaller pieces and better balance speed and
accuracy.

------------------------------

Date: Fri, 9 Feb 2024 12:21:14 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: How a 27-Year-Old Codebreaker Busted the Myth
of Bitcoin's Anonymity (WiReD)

Once, drug dealers and money launderers saw cryptocurrency as perfectly
untraceable. Then a grad student named Sarah Meiklejohn proved them all
wrong —- and set the stage for a decade-long crackdown.

https://www.wired.com/story/27-year-old-codebreaker-busted-myth-bitcoins-anonymity