Select Page
‘AI Girlfriends’ Are a Privacy Nightmare

‘AI Girlfriends’ Are a Privacy Nightmare

You shouldn’t trust any answers a chatbot sends you. And you probably shouldn’t trust it with your personal information either. That’s especially true for “AI girlfriends” or “AI boyfriends,” according to new research.

An analysis into 11 so-called romance and companion chatbots, published on Wednesday by the Mozilla Foundation, has found a litany of security and privacy concerns with the bots. Collectively, the apps, which have been downloaded more than 100 million times on Android devices, gather huge amounts of people’s data; use trackers that send information to Google, Facebook, and companies in Russia and China; allow users to use weak passwords; and lack transparency about their ownership and the AI models that power them.

Since OpenAI unleashed ChatGPT on the world in November 2022, developers have raced to deploy large language models and create chatbots that people can interact with and pay to subscribe to. The Mozilla research provides a glimpse into how this gold rush may have neglected people’s privacy, and into tensions between emerging technologies and how they gather and use data. It also indicates how people’s chat messages could be abused by hackers.

Many “AI girlfriend” or romantic chatbot services look similar. They often feature AI-generated images of women which can be sexualized or sit alongside provocative messages. Mozilla’s researchers looked at a variety of chatbots including large and small apps, some of which purport to be “girlfriends.” Others offer people support through friendship or intimacy, or allow role-playing and other fantasies.

“These apps are designed to collect a ton of personal information,” says Jen Caltrider, the project lead for Mozilla’s Privacy Not Included team, which conducted the analysis. “They push you toward role-playing, a lot of sex, a lot of intimacy, a lot of sharing.” For instance, screenshots from the EVA AI chatbot show text saying “I love it when you send me your photos and voice,” and asking whether someone is “ready to share all your secrets and desires.”

Caltrider says there are multiple issues with these apps and websites. Many of the apps may not be clear about what data they are sharing with third parties, where they are based, or who creates them, Caltrider says, adding that some allow people to create weak passwords, while others provide little information about the AI they use. The apps analyzed all had different use cases and weaknesses.

Take Romantic AI, a service that allows you to “create your own AI girlfriend.” Promotional images on its homepage depict a chatbot sending a message saying,“Just bought new lingerie. Wanna see it?” The app’s privacy documents, according to the Mozilla analysis, say it won’t sell people’s data. However, when the researchers tested the app, they found it “sent out 24,354 ad trackers within one minute of use.” Romantic AI, like most of the companies highlighted in Mozilla’s research, did not respond to WIRED’s request for comment. Other apps monitored had hundreds of trackers.

In general, Caltrider says, the apps are not clear about what data they may share or sell, or exactly how they use some of that information. “The legal documentation was vague, hard to understand, not very specific—kind of boilerplate stuff,” Caltrider says, adding that this may reduce the trust people should have in the companies.

YouTube, Discord, and ‘Lord of the Rings’ Led Police to a Teen Accused of a US Swatting Spree

YouTube, Discord, and ‘Lord of the Rings’ Led Police to a Teen Accused of a US Swatting Spree

A California teenager prosecutors say is responsible for hundreds of swatting attacks around the United States was exposed after law enforcement pieced together a digital trail left on some of the internet’s largest platforms, according to court records released this week.

Alan Winston Filion, a 17-year-old from Lancaster, California, faces four felony charges in Florida’s Seminole County related to swatting, or fake threats called into the police to provoke a forceful response, according to Florida state prosecutors. Police arrested Filion on January 18, and he was extradited to Seminole County this week.

Filion’s arrest, first reported by WIRED on January 26, marks the culmination of a multi-agency manhunt for the person police claim is responsible for swatting attacks on high schools, historically black colleges and universities, mosques, and federal agents, and for threats to bomb the Pentagon, members of the United States Senate, and the US Supreme Court. Ultimately, a YouTube channel, Discord chats, and usernames related to The Lord of the Rings helped lead authorities to Filion’s doorstep.

Florida prosecutors charged Filion with four felony counts, including three related to allegedly making false reports to law enforcement and one for unlawful use of a two-way radio for “facilitating or furthering an act of terrorism” that authorities say targeted people based on race, religion, or other protected classes. While prosecutors alleged that Filion “is responsible for hundreds of swatting and bomb threat incidents throughout the United States,” the charges Filion faces relate to a single May 12, 2023, swatting attack against the Masjid Al Hayy Mosque in Sanford, Florida.

An attorney for Filion was not immediately available to respond to WIRED’s request for comment.

More than a year before the swatting attack on the Florida mosque, agents with the US Federal Bureau of Investigation interviewed Filion’s father, William, at his home in Lancaster, California, according to court documents made public on Wednesday. The interview took place on April 21, 2022, the same day the owner of a Telegram channel linked to swatting activity posted, “SOMEONE JUST REPORTED ME TO THE FBI… LOL!”

In October 2022, authorities investigating swatting incidents involving calls made to a school in Anacortes, Washington, came across a Telegram user associated with multiple swatting and doxing channels. The user, “Nazgul Swattings,” had claimed responsibility in one of these channels for the threats to the Washington schools, according to the same court documents.

Over the following months, court records say, the FBI monitored channels linked to this user. One of those, a channel called Torswats (formerly Nazgul Swats), had shared recordings of nearly 20 hoax calls threatening locations around the country, including schools in Iowa, Louisiana, Maryland, Oklahoma, Pennsylvania, and Texas.

As the FBI tracked Torswats’ public channels, Brad “Cafrozed” Dennis, a private investigator, was running his own parallel investigation on behalf of high-profile Twitch streamers who’d been swatted. In December, Dennis reached out to a user behind Torswats and asked to chat on a peer-to-peer chatting service called Tox under the guise of ordering a swat. According to records shared with WIRED, not mentioned in the arrest warrant, while interacting on Tox, Dennis used Wireshark to monitor his network traffic. In the process, he uncovered an IP address and the username “Paimon Arnum,” which was previously unknown to law enforcement.

23andMe Failed to Detect Account Intrusions for Months

23andMe Failed to Detect Account Intrusions for Months

Police took a digital rendering of a suspect’s face, generated using DNA evidence, and ran it through a facial recognition system in a troubling incident reported for the first time by WIRED this week. The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets. Meanwhile, information about United States intelligence agencies purchasing Americans’ phone location data and internet metadata without a warrant was revealed this week only after US senator Ron Wyden blocked the appointment of a new NSA director until the information was made public. And a California teen who allegedly used the handle Torswats to carry out hundreds of swatting attacks across the US is being extradited to Florida to face felony charges.

The infamous spyware developer NSO Group, creator of the Pegasus spyware, has been quietly planning a comeback, which involves investing millions of dollars lobbying in Washington while exploiting the Israel-Hamas war to stoke global security fears and position its products as a necessity. Breaches of Microsoft and Hewlett-Packard Enterprise, disclosed in recent days, have pushed the espionage operations of the well-known Russia-backed hacking group Midnight Blizzard back into the spotlight. And Amazon-owned Ring said this week that it is shutting down a feature of its controversial Neighbors app that gave law enforcement a free pass to request footage from users without a warrant.

WIRED had a deep dive this week into the Israel-linked hacking group known as Predatory Sparrow and its notably aggressive offensive cyberattacks, particularly against Iranian targets, which have included crippling thousands of gas stations and setting a steel mill on fire. With so much going on, we’ve got the perfect quick weekend project for iOS users who want to feel more digitally secure: Make sure you’ve upgraded your iPhone to iOS 17.3 and then turn on Apple’s new Stolen Device Protection feature, which could block thieves from taking over your accounts.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

After first disclosing a breach in October, the ancestry and genetics company 23andMe said in December that personal data from 6.9 million users was impacted in the incident stemming from attackers compromising roughly 14,000 user accounts. These accounts then gave attackers access to information voluntarily shared by users in a social feature the company calls DNA Relatives. 23andMe has blamed users for the account intrusions, saying that they only occurred because victims set weak or reused passwords on their accounts. But a state-mandated filing in California about the incident reveals that the attackers started compromising customers’ accounts in April and continued through much of September without the company ever detecting suspicious activity—and that someone was trying to guess and brute-force users’ passwords.

North Korea has been using generative artificial intelligence tools “to search for hacking targets and search for technologies needed for hacking,” according to a senior official at South Korea’s National Intelligence Service who spoke to reporters on Wednesday under the condition of anonymity. The official said that Pyongyang has not yet begun incorporating generative AI into active offensive hacking operations but that South Korean officials are monitoring the situation closely. More broadly, researchers say they are alarmed by North Korea’s development and use of AI tools for multiple applications.

The digital ad industry is notorious for enabling the monitoring and tracking of users across the web. New findings from 404 Media highlight a particularly insidious service, Patternz, that draws data from ads in hundreds of thousands of popular, mainstream apps to reportedly fuel a global surveillance dragnet. The tool and its visibility have been marketed to governments around the world to integrate with other intelligence agency surveillance capabilities. “The pipeline involves smaller, obscure advertising firms and advertising industry giants like Google. In response to queries from 404 Media, Google and PubMatic, another ad firm, have already cut-off a company linked to the surveillance firm,” 404’s Joseph Cox wrote.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have devised an algorithm that could be used to convert data from smart devices’ ambient light sensors into an image of the scene in front of the device. A tool like this could be used to turn a smart home gadget or mobile device into a surveillance tool. Ambient light sensors measure light in an environment and automatically adjust a screen’s brightness to make it more usable in different conditions. But because ambient light data isn’t considered to be sensitive, these sensors automatically have certain permissions in an operating system and generally don’t require specific approval from a user to be used by an app. As a result, the researchers point out that bad actors could potentially abuse the readings from these sensors without users having recourse to block the information stream.

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Microsoft and Hewlett-Packard Enterprise (HPE) both recently disclosed that they suffered corporate email breaches at the hands of Russia’s “Midnight Blizzard” hackers.

The group, which is tied to the Kremlin’s SVR foreign intelligence, is specifically linked to SVR’s APT 29 Cozy Bear, the gang that meddled in the United States 2016 presidential election, has conducted aggressive government and corporate espionage around the world for years, and was behind the infamous 2021 SolarWinds supply chain attack. While both HP’s and Microsoft’s breaches came to light within days of each other, the situation mainly illustrates the ongoing reality of Midnight Blizzard’s international espionage activities and the lengths it will go to to find weaknesses in organizations’ digital defenses.

“We shouldn’t be surprised that Russian intelligence-backed threat actors, and SVR in particular, are targeting tech companies like Microsoft and HPE. With organizations that size, it would be a much bigger surprise to learn they weren’t,” says Jake Williams, a former US National Security Agency hacker and current faculty member at the Institute for Applied Network Security.

HP Enterprise said in a US Securities and Exchange Commission submission posted on Wednesday that Midnight Blizzard gained access to its “cloud-based email environment” last year. The company first learned about the situation on December 12, 2023, but said that the attack began in May 2023. Hackers “accessed and exfiltrated data … from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company wrote in the SEC filing. HP Enterprise said the breach likely came about as the result of another incident, discovered in June 2023, in which Midnight Blizzard also accessed and exfiltrated company “SharePoint” files beginning as early as May 2023. SharePoint is a much-targeted cloud collaboration platform made by Microsoft that integrates with Microsoft 365.

“The accessed data is limited to information contained in the HPE users’ email boxes,” HP Enterprise spokesperson Adam Bauer told WIRED in a statement. “We continue to investigate and analyze these mailboxes to identify information that could have been accessed and will make appropriate notifications as required.”

Meanwhile, Microsoft said on Friday that it detected a system intrusion on January 12 tied to a November 2023 breach. The attackers targeted and compromised some historic Microsoft system test accounts that then allowed them to access “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there the group was able to exfiltrate “some emails and attached documents.” Microsoft noted in its disclosure that the attackers appeared to be seeking information about Microsoft’s investigations and knowledge of Midnight Blizzard itself.

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company wrote in its disclosure. “This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”

Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

The FT article also said the Post Office, which used prosecution powers available to private corporations in the UK, obtained 700 of the 900 convictions. The other convictions came in cases brought by Scottish prosecutors. The scandal may lead to reforms of the private prosecution system that lets organizations take people to court.

Bugs Were Understood “Way Back to 1999”

Earlier this week, Patterson told UK Parliament members that “Fujitsu would like to apologize for our part in this appalling miscarriage of justice. We were involved from the very start. We did have bugs and errors in the system and we did help the Post Office in their prosecutions of the sub-postmasters. For that we are truly sorry.”

Patterson also told Parliament members that Fujitsu has “a moral obligation” to contribute to the compensation for victims.

Patterson testified today in a different setting, answering questions from lawyers representing victims. One of those lawyers, Flora Page, asked Patterson, “Did nobody historically make that pretty obvious connection between very poor code going out into operation and then very poor data coming out and through the litigation support service?”

Patterson answered, “Whether people made that connection or not, what is very evident… is that that connection and understanding about what was going on and where was it, was understood by certainly Fujitsu and certainly understood by Post Office way back to 1999. It’s all about what you do with that information… that is a question for this inquiry.”

Post Office Minister Kevin Hollinrake, the MP for Thirsk and Malton, told the BBC that his “number one priority” is to “try and get compensation and get answers for people.”

“You’ve had marriages fail, people commit suicide, an horrendous impact on people’s lives,” he said. “It’s perfectly reasonable that the public should demand people are held to account and that should mean criminal prosecutions wherever possible.” The UK government also has plans for a new law to “swiftly exonerate and compensate” people who were falsely convicted.

This story originally appeared on Ars Technica.