District man accidentally hacks 6,700 robot vacuum cleaners equipped with cameras

Democrats in Congress are on The Joint Economic Commission released a report this week identifying more than $20.9 billion in consumer losses from identity theft that resulted from four major breaches of data brokerage companies. U.S. Senator Maggie Hassan launched the investigation in August after an investigation by The Markup and CalMatters, reported by WIRED, found that some data brokers were hiding opt-out tools from Google and other search engines.

The US Department of Justice’s recent release of 3 million documents related to convicted sex offender Jeffrey Epstein included Google grand jury subpoenas that shed light on how federal investigators interact with tech companies and how they respond to government requests for information.

The Mexican drug cartel CJNG may have survived the killing of its leader Nemesio “El Mencho” Oseguera Cervantes, thanks in part to its prolific use of technologies such as drones, social media, and artificial intelligence. Meanwhile, the Mexican Navy announced on Thursday that it had seized a semi-submersible ship carrying nearly 4 tons of cocaine as part of a recent initiative to deter drug trafficking in the Pacific. These efforts come as the United States launched its alleged campaign against maritime trafficking with a series of deadly attacks on boats in the Caribbean.

Meanwhile, as assistant AI agents like OpenClaw grow in popularity — and sow chaos around the web — a new open source project called IronCurtain uses a unique design to secure and constrain agent AI before it goes rogue.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Placing an autonomous, internet-connected robot in your home should give anyone a moment’s pause. When this robot is a roving vacuum cleaner with a camera and microphone that can be hijacked from anywhere in the world with nothing but its serial number, it becomes a real privacy horror story.

One of the robot owners, Sami Azdoval, discovered this ridiculous vulnerability while trying out the DJI Romo robot vacuum cleaner using a PS5 controller. He found that he could instead control 6,700 robots in 24 countries around the world, with full access to the floor plans they created of their owners’ homes and their video and audio feeds. When The Verge contacted Azdoufal, he was immediately able to access Romo’s device, which belonged to an employee at the tech news outlet, just by knowing its 14-digit serial number. DJI has now fixed the vulnerability in response to a live tweet of his findings by Azdoufal. But the story nonetheless raises serious questions about the security of other voice- or video-enabled IoT gadgets, let alone devices capable of roaming around your home freely.

While the Department of the Interior has been greatly empowered under the Trump administration in its mission to deport millions of immigrants, the organization within the Department of Homeland Security that serves as the United States’ chief cyber defender, the Cybersecurity and Infrastructure Security Agency, has been neglected. Now its acting director, Madhu Gotomukkala, has been replaced as CISA seeks to find a new footing.

Even before that news, CyberScoop reported this week on the crises that have plagued the agency for the entire first year since Trump’s inauguration: a third of employees have been laid off and entire departments at the agency have been shuttered. Nominations for permanent director were blocked in Congress. Its capabilities had withered, and organizations that sought CISA for assistance and partnerships looked elsewhere. Gottumukkala has suffered from his own personal scandals such as firing security personnel after failing a lie detector test and sharing sensitive contracts on ChatGPT. Now, Nick Andersen, who served as CISA’s executive director for cybersecurity, will replace Gottumukkala at the beleaguered agency.

A researcher at King’s College London pitted three popular language models against each other in simulated wargaming scenarios and found that in 95 percent of cases, at least one of the models chose to deploy tactical nuclear weapons. The researcher also found that when the AI ​​model deployed a tactical nuclear weapon, its AI opponent only de-escalated a quarter of the time. None of the companies behind the three models – OpenAI, Google and Anthropic – responded to New Scientist’s request for comment.

The role of artificial intelligence in fighting wars has been in the spotlight this week. Anthropic and the War Department are embroiled in a contract dispute over whether Anthropic’s AI models can be used to operate fully autonomous weapons and mass domestic surveillance. These types of use cases “could undermine rather than defend democratic values,” Dario Amodei, CEO of Anthropic, wrote in a statement. In turn, President Donald Trump threatened to ban the use of humanitarian products, including the Claude chatbot, within the US government. Meanwhile, hundreds of Google and OpenAI employees signed an open letter asking their bosses to “set aside their differences and stand together to continue to reject the War Department’s current demands for authorization to use our models for domestic mass surveillance and to autonomously kill people without human oversight.”

A new app for Android phones called Nearby Glasses lets users search for smart glasses in your vicinity, detecting the presence of wearable gadgets, which are sometimes indistinguishable from regular glasses and allow wearers to record people without their knowledge. The app searches for unique Bluetooth signatures that the glasses emit, and sends users a notification if it detects a source nearby.

The developer told 404 Media that he was inspired to build the app after reading about several incidents involving smart glasses. Over the summer, 404 Media reported that a CBP agent had worn a pair of glasses during an immigration raid, and this fall the outlet also reported that men were using the smart glasses to film massage parlor workers, apparently without their knowledge or consent. In February, The New York Times reported that one developer of smart glasses, Meta, had plans to integrate facial recognition into its glasses, raising new concerns among privacy experts.