Alarming Revelation: Smart Toys Collecting Biometric Data of Children
Each year, the U.S. Public Interest Research Group (PIRG) releases its “Trouble in Toyland” report, traditionally focused on identifying safety hazards in conventional children’s toys. However, this year’s report sheds light on a concerning development: the emergence of “smart toys” that present a privacy threat to children and their families.
According to the recently released 38th annual “Trouble in Toyland” report, toys that spy on children are becoming an increasing threat. These risks arise primarily from toys equipped with microphones, cameras, and trackers, as well as from recalled toys, water beads, counterfeits, and Meta Quest VR headsets.
Teresa Murray, Consumer Watchdog at the U.S. PIRG Education Fund and the report’s author, emphasizes that the most concerning features of smart toys are their ability to collect information, often without parental knowledge or consent. Murray expressed her deep concern about the capabilities of these toys in a press release, describing it as a chilling revelation.
Lawrence advises reviewing privacy policies, activating parental controls, disabling cameras and chat functions, turning off location services, enabling two-step verification, securing Wi-Fi networks, and resetting toys before sharing.
Read: https://childrenshealthdefense.org/defender/smart-toys-biometric-data-collection-children/
Chimera Hackers Spent Over 2 Years Looting NXP Chip Designs and IP Before Being Detected
A prolific espionage hacking group with ties to China has spent over two years looting the corporate network of NXP, a Netherlands-based chipmaker. NXP’s silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles.
The intrusion, by a group tracked under the names “Chimera” and “G0114,” lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad. During that time, the threat actors managed to access employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach were kept a closely guarded secret until now.
The NRC cited a report published by the security firm Fox-IT, Abusing Cloud Services to Fly Under the Radar, which documented Chimera using Microsoft and Dropbox cloud services to receive data stolen from semiconductor makers’ networks. Some of these intrusions lasted up to three years before coming to light.
“Once nested on a first computer—patient zero—the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network,” NRC reporters said. “They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked.”
NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report.
Read: https://arstechnica.com/security/2023/11/hackers-spent-2-years-looting-secrets-of-chipmaker-nxp-before-being-detected/
Channel 1 Launches Proof-of-Concept Newscast, Revealing Just How Far AI-Generated Videos Have Come
Channel 1 recently launched a proof-of-concept “showcase” newscast which reveals how far AI-generated videos of humans have come in a short time. Although there are a few telltale anomalies that expose these reporters as computer creations—slight video distortions around the mouth, say, or overly repetitive hand gestures—these signs are often so small that they would be easy to miss at a casual glance or on a small screen like that on a phone.
Aside from avatars based on “real people,” Channel 1 also says its newscasters “can be completely generated to have their own personality, appearance, and voice.” An example of one such whole-cloth creation delivers a report on futuristic cars in the sample newscast, but the effect is much less convincing.
When it comes to the actual news being reported, Channel 1 seems aware that it needs to overcome the inherent skepticism of AI chatbots. While the Hollywood Reporter says that Channel 1 “will use large language models (LLMs) to write its scripts,” an AI newscaster in the sample episode clarifies that this is “not fake news. There isn’t a computer somewhere writing its own news stories about things that haven’t happened.” Everything presented is pulled from “trusted sources” and run by “human editors and producers” who check for “accuracy and clarity” to generate news that is “fast, trustworthy, and accurate.”
Deadline reports that Channel 1 stories will draw from “a yet-to-be-announced news agency,” original reporting from “independent journalists,” and AI-generated stories built from “trusted primary source[s]” like government documents. This sourcing seems to work well enough in the sample episode, with a wide range of stories that sound like slightly rewritten summaries of the kind of straight reporting you’d get from a wire service like the AP or Reuters.
As presented, the pieces won’t win any awards for in-depth investigative reporting. But they suffice as a kind of simple news digest that summarizes and repackages on-the-ground reporting from actual humans.
Read: https://www.channel1.ai/
Canadian Government Paid Twitter Influencers to Promote Pandemic Policies Without Full Disclosure
Since 2021, a series of Twitter influencers have received over $680,000 from the Health Department. The goal? To drum up support for Canadian federal programs. Interestingly, these influencers often didn’t disclose their sponsored posts. The cabinet revealed in a Ministry Inquiry, presented in the Commons, that the payments covered a wide range of agency services. These included planning, content creation, influencer outreach and liaison, updates, content monitoring, evaluation, and payment management.
This information surfaced upon the request of Conservative MP Michelle Ferreri from Peterborough-Kawartha, Ontario. However, the exact amount each influencer received remains a mystery.
On March 24, 2021, the Health Department announced its Influencer Marketing Program to contractors. They did not disclose the cost. The department paid Twitter celebrities to enhance its credibility and instructed them not to harm the reputation of Health Canada or the Canadian Government.
Senator Marc Gold from Quebec, the Government Representative in the Senate, defended this approach. He stated, “The Government of Canada and the scientific committees that advise it and Health Canada are providing information to Canadians to the best of their ability and in real time.”
The paid influencers included the following Twitter handles: AlanisDesilets, ArcticMakeup, BreCarpeRuns, CaleonTwins, CassandraBouchard, CharlotteB123, ChelazonLeroux, ChKairyn, ChristineKissickHome, DaniellelsAnxious, DashingDad_YYC, DoTheDaniel, EveMartel, FleurMaison, IAmSukhManGill, Indigenous_Baddie, ItsChrisRobins, JahJahBanks, JemmyEchd, JoselyneEffa, Life_With_Benjamin, MomRdy2Go, OhKairyn, PascaleDeblois, PlayingWithApparelMen, RafaelLeroy, Riddjyy, ShaneWhalley, ShoshanaRose, SidAfz, ThatWarriorPrincess, TheDadCode, TheDiyMommy, TheLoistGirlsGuide, TheTinaSingh, ThreeLittleSeedlings, TresDuchelle, TychonCarter, UrduMom, VahineLefebvre, VardaEtienne, and YoutheCEO.
Read: https://www.blacklocks.ca/feds-paid-twitter-stars-682k/
Marketing Behemoth Confesses to Eavesdropping for Personalized Ads
U.S. marketing giant Cox Media Group (CMG) is said to have confessed to employing a feature known as “Active Listening” for the purpose of personalized advertising. This technology is purportedly capable of eavesdropping on consumers via microphones in devices such as smartphones and smart speakers. The firm has been actively marketing this service to advertisers and featuring it on its website.
The disclosure has left the PPC community in shock, particularly in light of the ongoing global emphasis on increased privacy and the elimination of third-party cookies. Industry experts Glenn Gabe and Steve Huskey have voiced their apprehensions, with Gabe forecasting a grim outcome and Huskey labeling it as a clear breach of privacy.
CMG asserts that its Active Listening technology can pinpoint prospective customers in real-time through regular conversations. The availability of this feature on current devices is uncertain, but CMG advertises it as a cutting-edge marketing instrument that is “available today.” A representative from CMG explained that the company offers a diverse array of advertising tools, some of which encompass third-party vendor products powered by data sets obtained from users via various social media and other applications. Google, conversely, stated that Android has been restricting apps from gathering audio when not in active use for years, and an evident icon is displayed in the status bar whenever an app triggers a device’s microphone.
Read: https://searchengineland.com/marketing-giant-listens-conversations-tosell-targeted-ads-435830
Elsewhere Online:
Digital Services for Italian Public Administration Disrupted by Westpole Ransomware Attack
Read: https://securityaffairs.com/156090/cyber-crime/westpole-ransomware-attack.html
Unveiling the Inner Workings: Behind the Scenes of Matveev’s Ransomware Empire
Read: https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
FBI’s Operation Seizes Dark Web Domain of ALPHV Ransomware, Gang Persists Despite Takedown
Read: https://www.hackread.com/fbi-seizes-dark-web-domain-alphv-ransomware/
EU Commissioners Open Investigation into Social Media Platform X Under New Digital Services Act
Read: https://reclaimthenet.org/eu-bureaucrats-formally-investigate-x-over-lack-of-disinformation-censorship
Predatory Sparrow Group Claims Responsibility for Cyber Attack that Shut Down 70% of Gas Stations Across Iran
Read: https://www.bankinfosecurity.com/iran-hit-by-major-cyberattack-targeting-nations-fuel-supply-a-23916
Previously on #AxisOfEasy
Re interactive spy toys: The risk of interactive toys is far from new. I wrote about it nearly 8 years ago. Not saying it’s not still a problem, but it seems to keep being rediscovered…
https://www.slaw.ca/2016/02/25/the-pretty-face-of-the-internet-of-things/