In what may be one of the most fascinating hacking stories of the year, a trio of technologists in India discovered an innovative way to bypass the location restrictions on Apple’s AirPod Pro 2s so they could enable the headphones’ hearing aid feature for their grandmothers. The hack involved a homemade Faraday cage, a microwave, and a lot of trial and error.
On the other end of the technological advancement spectrum, the US military is currently testing an AI machine gun capable of automatically targeting swarms of drones. The Bullfrog, created by Allen Control Systems, is one of several advanced weapon technologies being developed to combat the growing threat of low-cost, small drones on the battlefield.
The US Department of Justice announced this week that an 18-year-old man from California has admitted to carrying out or organizing more than 375 stabbing attacks in the United States.
Then, of course, there’s the Donald Trump of it all. This week we published a practical guide to protecting yourself from government surveillance. Of course, WIRED has been covering the dangers of government surveillance for decades. But when the president-elect is specifically threatening to jail his political enemies—whoever they are—now is probably a good time to brush up on your digital best practices.
In addition to the potential for dragnet surveillance of U.S. citizens, U.S. Immigration and Customs Enforcement began ramping up its surveillance arsenal the day after Trump’s re-election. Meanwhile, experts expect the incoming administration to roll back cybersecurity rules put in place under President Joe Biden while taking a tougher stance against hostile state-sponsored hackers. And if all this political upheaval has you protesting, beware: An investigation co-published by WIRED and The Marshall Project found that mask bans enacted in several states add a complex new layer to the exercise of free speech.
And that’s not all. Each week we round up privacy and security news that we haven’t covered in depth. Click on the headlines to read the full stories and be safe out there.
In August 2016 approximately 120,000 bitcoins—worth about $71 million at the time—were stolen in a hack of the Bitfinex cryptocurrency exchange. Then in 2022, as the cryptocurrency’s value skyrocketed, law enforcement officials in New York arrested husband and wife Ilya Lichtenstein and Heather Morgan in connection with hacking and laundering the wildly inflated $4.5 billion in stolen cryptocurrency. (At the time, $3.6 billion of the funds were recovered by law enforcement investigators.)
This week, after pleading guilty in 2023, Lichtenstein was sentenced to five years in prison for hacking and laundering the proceeds. With subsequent cryptocurrency spikes and additional seizures related to the hack, the US government has already managed to recover more than $10 billion in assets. A series of operational security lapses by Lichtenstein made much of the illegal cryptocurrency easy for officials to seize, but investigators also applied sophisticated crypto-tracing methods to discover how the funds were stolen and subsequently moved.
In addition to the brazen scale of the heist, Lichtenstein and Morgan gained online notoriety and ridicule after their arrests due to a series of Forbes articles written by Morgan and rap videos posted on YouTube under the name “Razzlekhan.” Morgan, who also pleaded guilty, is scheduled to be sentenced Nov. 18.
Fraudsters are increasingly adopting AI as part of their criminal tools – using the technology to create deepfakes, translate scripts and make their operations more efficient. But artificial intelligence is also being turned against fraudsters. British telco Virgin Media and its mobile operator O2 have created a new ‘AI granny’ that can answer phone calls from scammers and keep them talking. According to The Register, the system uses various AI models that listen to what the scammer is saying and respond immediately. In one case, the company says it kept a scammer on the line for 40 minutes and gave others false personal information. Unfortunately, the system (at least at the moment) cannot directly answer calls made to your phone; instead, O2 created a specific phone number for the system, which the company says it managed to get placed on lists of numbers called by fraudsters.
In a new legal strategy for those trying to hold commercial spyware vendors accountable, attorney Andreu Van den Eynde, who was allegedly hacked with NSO Group spyware, is directly accusing two of the company’s founders, Omri Lavie and Shalev Hulio, and one of its executives, Yuval Somekh, of hacking crimes in a lawsuit. Barcelona-based human rights nonprofit Iridia announced this week that it had filed the complaint in a Catalan court. Van den Eynde was reportedly the victim of a hacking campaign using NSO’s notorious Pegasus spyware against at least 65 Catalans. Van den Eynde and Iridia initially sued NSO Group, together with subsidiaries Osy Technologies and Q Cyber Technologies, in a court in Barcelona in 2022. “People responsible for NSO Group should explain their specific activities,” a legal representative for Iridia and Van den Eynde wrote in the complaint, which was written in Catalan and translated by TechCrunch.
Research released this week by mobile device management firm Jamf found that hackers with ties to North Korea have been working to implant malware into macOS apps built with a specific open-source software development kit. The campaigns focused on cryptocurrency-related targets and involved infrastructure similar to systems used by North Korea’s notorious Lazarus Group. It is unclear whether the activity has actually compromised victims or is still in the testing phase.
Financially motivated and state-backed hackers have less reason to use malware targeting Apple Macs than hacking tools that infect Microsoft Windows or Linux desktops and servers. So when Mac malware emerges, it’s usually niche, but it can also be a telling indicator of trends and priorities among hackers.