But wait, there are others. Every week we gather the security stories we don’t tell ourselves. Click on the headlines to read the full stories. And stay safe out there.
Most of the TikTok challenges you have heard are fake. This one, however, is deadly serious. Automaker Huyandai this week agreed to pay about $200 million to customers whose cars were stolen after a viral TikTok challenge exposed a major security flaw in some Hyundai and Kia vehicles.
The challenge started after user “Kia Boys” posted a video on TikTok showing that it is possible to hot-wire vulnerable cars using a USB cable. According to Engadget, at least 14 crashes and eight deaths have been linked to the challenge. Hyundai will pay affected customers up to $6,125 for stolen vehicles and up to $3,375 to cover the cost of damage caused by those who exploited the error. The company also has an “anti-theft update” available for affected vehicles. Check to see if your vehicle is affected here.
The US Foreign Intelligence Surveillance Court yesterday unsealed an April 2022 opinion that exposed widespread FBI misuse of the so-called Section 702 database, a vast trove of electronic communication records used by the bureau and the National Security Agency. . The court found that the FBI improperly queried the database, established under Section 702 of the Foreign Intelligence Surveillance Act, more than 287,000 times in 2020 and 2021. The FBI’s search targets include the January 6 demonstrators, the people arrested while protesting the police killing of George Floyd in Minneapolis, and about 19,000 American political donors to an anonymous US congressional campaign.
Section 702 gives the US government the authority to collect communications of targets abroad. The communications of Americans can be captured in the database if they communicate with someone outside the US. An audit released by the Office of the Director of National Intelligence last year found many similar instances of the FBI abusing the Section 702 database to track down American citizens, including U.S. congressmen. Darin LaHood. After the ODNI audit and this week’s release of the court opinion, the FBI said the abuse was the result of a “misunderstanding” and promised it had fixed the problem. Regardless, Section 702 expires at the end of the year without reauthorization from Congress, potentially putting the FBI’s repeated and widespread abuses at risk.
The US Justice Department on Tuesday announced charges against a former Apple engineer accused of stealing the company’s source code related to self-driving-car technology. Weibao Wang allegedly stole “sensitive” documents during the last days of his employment at Apple in April 2018. Wang left Apple five months after he signed an agreement to work for a subsidiary based in in the US by a company located in China, according to the Department of Justice. After US law enforcement searched his home in Mountain View, California, in June 2018, the 35-year-old Wang fled to China, the Justice Department said. If convicted, Wang faces up to 10 years in prison and fines.
Everyone knows how much data can be collected about you whenever you are online. But a bigger concern may be what someone can collect about you whenever you are anywhere. That’s the warning of a new research paper, which finds it possible to collect “environmental DNA”—traces of genetic material floating in the air or liquids, also called eDNA—that could be linked to medical or ancestral details of a person. Legal experts spoke to The New York Times warn that if the police or other government authorities start collecting eDNA, as scientists studying animals have done for a decade, it could create widespread abuses of privacy and civil liberties.