A hackable robotic lawn mower opens up a new nightmare

Crash for the finals It’s bad enough without suddenly shutting down the platform you use to do your schoolwork. Unfortunately for countless students across the US, that’s exactly what they faced Thursday after Canvas went into “maintenance mode” following a ransomware attack on education technology company Instructure. Hackers using the name ShinyHunters have claimed responsibility for the hack, and experts say the chaos they caused shows the lengths these actors will go to blackmail their victims.

Did you know that Google Chrome includes an automatic download of the Gemini Nano AI model? If not, you won’t be alone. People using Google’s popular browser realized this week that Gemini Nano has been taking up 4GB of space on their desktops since 2024, sparking alarm and concerns about privacy. Fortunately, you can disable the AI ​​model, but not without losing some useful security features. Obviously, you can also download a different browser for free.

Researchers this week revealed that thousands of encrypted applications have been left exposed on the open web, exposing sensitive corporate and personal data. The security failures serve as a reminder: Just because you can program something doesn’t necessarily mean you should.

The Department of Homeland Security has subpoenaed Google in an attempt to obtain location data and account activity of a Canadian man who criticized U.S. immigration enforcement tactics in the wake of the killings of Rene Judd and Alex Peretti in Minneapolis early this year. This week, the American Civil Liberties Union filed a complaint against the Department of Homeland Security on behalf of the man, who has not visited the United States in more than 10 years.

Scammers, low-level hackers and other cybercriminals have joined the ranks of humanity yearning to be freed from the lapses of artificial intelligence, according to new research. Meanwhile, Meta is developing age verification technology after a study found that children are cheating online age verifications using simple techniques – including a child hero who circumvented online age verification by drawing on a fake moustache. Finally, we detail Russia’s efforts to create a domestic competitor to its Starlink satellite internet service — with all the privacy and security concerns that entails.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Most people hope that a 200-pound robot with blades in their backyard can’t be easily hacked. Unfortunately for the owners of the Yarbo, a $5,000 lawn mower robot that can also function as a leaf blower, snow blower, and edger, that wasn’t the case. The Verge reports that a security researcher found several botnet vulnerabilities that could allow hackers to take control of devices remotely (including their camera feeds), as well as extract owners’ email addresses, Wi-Fi passwords, and home locations.

After a Yarbo spokesperson told The Verge that “the bot’s diagnostic environment is not publicly available,” the reporter and researcher demonstrated the security flaws and their potential consequences by nearly running over the reporter with a hijacked bot. The company has since reported that it is developing a fix for at least one of the flaws identified by the researcher.

Mark Zuckerberg’s Meta company has withdrawn support for end-to-end encrypted messaging on Instagram, backing away from its plans to protect people’s privacy by providing messages the company can’t snoop on. The company stopped offering encryption on Instagram on May 8, making it easier for the company to technically access direct messages.

After spending years building the encryption systems needed to secure its chat apps, Meta said in 2023 that it had rolled out default encryption for Messenger. She also said she’s offering a subscribeable version of Instagram, which she plans to eventually become the default. However, that day never came, as Meta decided in March of this year that not enough people had signed up, and it would remove the option to encrypt Instagram chats. The shift has angered privacy and security experts who fear the rollback could harm end-to-end encryption efforts around the world.

The Trump administration unveiled a new counterterrorism strategy, which President Donald Trump described as “a return to common sense and peace through strength” in an introduction included in the document. The three largest types of terrorist groups, according to the document, are cartels, Islamist terrorist groups, and “violent left-wing extremists,” which the memo says include anarchists and anti-fascists, and have “anti-American” and “radically pro-trans” ideologies.

The memo promises: “We will use all tools constitutionally available to us to map them at home, determine their membership, map their relationships with international organizations like Antifa, and use law enforcement tools to practically paralyze them before they can maim or kill innocents.”