A cyberattack on an in-car breathalyzer company leaves drivers stranded

United States law This week, the implementation took down the Aisuru, Kimwolf, JackSkid and Mossad botnets, a list of cybercrime tools that have infected more than 3 million devices around the world, including many home networks, and have been used to carry out record-breaking cyberattacks. Meanwhile, hundreds of millions of iPhones are currently at risk of being taken over by a new tool called DarkSword that Russian hackers have used to steal victims’ data.

Customer service calls and conversations with Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation, revealing personal details from the calls and conversations, including, in some cases, hours of additional audio that appeared to have been recorded after customers thought the call had ended. WIRED reviewed dozens of Telegram channels containing job listings for “AI face models.” Most of the people who get the jobs are women and are likely to be used as a front for AI scams to steal victims’ money.

Meta recently announced that it will remove end-to-end encryption protection for Instagram Direct messages on May 8, citing low adoption of the feature. The company has long promised security as the default for Instagram chats, and experts fear the bait-and-switch could set a dangerous precedent in the tech industry. In other Meta crypto news, Moxie Marlinspike, the creator of Signal, announced this week that he will be teaming up with the tech giant to integrate his proprietary crypto AI platform Confer into Meta AI in some form.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Imagine trying to explain this to your boss: You can’t go to work because your court-ordered breathalyzer won’t let you operate a car —no Because you’re drinking, you swear, but because your alcohol vapor detector was disabled by a cyberattack on the company that makes it.

Intoxalock, a maker of in-car breathalyzers that says 150,000 drivers use them daily across the United States, said it was the target of a cyberattack, leaving its systems “currently down,” according to an announcement posted on its website. Meanwhile, drivers using breathalyzer devices reported being stranded due to the devices being unable to connect to the company’s services. “Our cars are giant paperweights right now through no fault of our own,” one wrote on Reddit. “I’m in charge at work and I feel completely helpless.”

The shutdowns appear to be a result of Intoxalock’s breathalyzers needing periodic calibration that requires connection to the company’s servers. Drivers scheduled to undergo calibration have been suspended and cannot do so due to the company’s downtime, although the company now states on its website that it is offering 10-day extensions for these calibrations due to cybersecurity disruptions, as well as towing services in some cases. Meanwhile, Intoxalock did not clarify what type of cyberattack it is facing or whether hackers have obtained any of the company’s user data.

Back in March 2023, FBI Director Christopher Wray confirmed for the first time that the agency had purchased American phone location data. Although the FBI had previously paid for phone data from commercial data brokers — rather than obtaining a warrant — it has stopped doing so, Wray said. “This has not been active for some time,” Ray claimed. Three years later, the FBI is again purchasing location data that can be used to track Americans.

At a Senate hearing on Wednesday, FBI Director Kash Patel asserted that the agency was purchasing “commercially available information” that he claimed was “consistent with the Constitution” and other laws. “That yielded some valuable intelligence for us,” Patel said. The practice involves the FBI purchasing information from commercial data brokers, who sell vast amounts of data, including phone location information, collected by advertising technology embedded in apps.