About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices

The software in question, AppCloud, developed by the mobile analytics firm IronSource, has been embedded in devices sold primarily in the Middle East and North Africa (MENA) region.

Security researchers and privacy advocates warn that it quietly collects sensitive user data, fueling fears of surveillance in politically volatile areas.

AppCloud tracks users’ locations, app usage patterns, and device information without seeking ongoing consent after initial setup. Even more concerning, attempts to uninstall it often fail due to its deep integration into Samsung’s One UI operating system.

Reports indicate the app reactivates automatically following software updates or factory resets, making it virtually unremovable for average users. This has sparked outrage among consumers in countries such as Egypt, Saudi Arabia, and the UAE, where affordable Galaxy models are popular entry points into Android.

The issue came to light through investigations by SMEX, a Lebanon-based digital rights group focused on MENA privacy. In a recent report, SMEX highlighted how AppCloud’s persistence could enable third-party unauthorized data harvesting, posing significant risks in regions with histories of government overreach.

“This isn’t just bloatware, it’s a surveillance enabler baked into the hardware,” said a SMEX spokesperson. The group called on Samsung to issue a global patch and disclose the full scope of data shared with ironSource.

[…]

Source: Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices

Copy-paste now exceeds file transfer as top corporate data exfiltration vector, as well as untrustable extensions and not using SSO/MFA

It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025.

This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.

Note: below it also highlights copy pasta into instant messaging services. What it doesn’t highlight is that everything you paste into Chrome is fair game for Google as far as its terms and services are concerned.

“Traditional governance built for email, file-sharing, and sanctioned SaaS didn’t anticipate that copy/paste into a browser prompt would become the dominant leak vector,” LayerX CEO Or Eshed wrote in a blog post summarizing the report.

The report highlights data loss blind spots in the browser, from shadow SaaS to browser extension supply chain risks, and provides a checklist for CISOs and other security leaders to gain more control over browser activity.

GenAI now accounts for 11% of enterprise application usage, with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use.

Corporate data makes its way to genAI tools through both copying and pasting — with 82% of these copy-pastes occurring via personal accounts — and through file uploads, with 40% of files uploaded to genAI tools containing either personally identifiable information (PII) or payment card information (PCI).

With the rise of AI-driven browsers such as OpenAI’s Atlas and Perplexity’s Comet, governance of AI tools’ access to corporate data becomes even more urgent, the LayerX report notes.

Tackling the growing use of AI tools in the workplace includes establishing allow- and block lists for AI tools and extensions, monitoring for shadow AI activity and restricting the sharing of sensitive data with AI models, LayerX said.

Monitoring clipboards and AI prompts for PII, and blocking risky copy-pastes and prompting actions, can also address this growing data loss vector beyond just focusing on file uploads and traditional vectors like email.

AI tools are not the only vector through which copied-and-pasted data escapes organizations. LayerX found that copy-pastes containing PII or PCI were most likely to be pasted into chat services, i.e. instant messaging (IM) or SMS apps, where 62% of pastes contained sensitive information. Of this data 87% went to non-corporate accounts.

In addition to copy-paste and file upload risks, the report also delved into the browser extension supply chain, revealing that 53% of employees install extensions with “high” or “critical” permissions. Additionally, 26% of installed extensions are side-loaded rather than being installed through official stores.

Browser extensions are often difficult to vet and poorly maintained, with 54% of extension developers identified only through a free webmail account such as Gmail and 51% of extensions not receiving any updates in over a year. Yet extensions can have access to key data and resources including cookies and user account details, making it critical for organizations to audit and monitor their use.

“Permission audit alone is insufficient. Continuously score developer reputation, update cadence, sideload sources, and AI/agent capabilities. Track changes like you track third-party libraries,” Eshed wrote.
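The scoring approach Eshed describes can be sketched as follows. This is an added example, not code from LayerX or the original article: the inventory record fields, the permission tiers, the webmail list and the weights are all assumptions chosen for illustration, and the two extensions are constructed sample data.

```python
from datetime import date

# Assumption: illustrative tiers for real Chrome permission strings; this is
# not LayerX's own "high"/"critical" classification.
CRITICAL = {"<all_urls>", "*://*/*", "debugger", "nativeMessaging", "proxy"}
HIGH = {"cookies", "webRequest", "history", "tabs", "clipboardRead", "scripting"}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed list
STALE_AFTER_DAYS = 365  # the article's "no updates in over a year"
WEIGHTS = {  # assumed weights, tune to your own risk appetite
    "critical_permissions": 40, "high_permissions": 25, "sideloaded": 20,
    "webmail_developer": 15, "stale": 15, "permission_drift": 10,
}


def all_permissions(manifest):
    """API permissions plus host match patterns declared in a manifest."""
    return set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))


def permission_tier(manifest):
    perms = all_permissions(manifest)
    if perms & CRITICAL:
        return "critical"
    if perms & HIGH:
        return "high"
    return "low"


def permission_drift(previous, current):
    """Permissions the current version requests that the previous one did not."""
    return sorted(all_permissions(current) - all_permissions(previous))


def score_extension(record, today):
    """Return (score, reasons) for one inventory record (hypothetical schema)."""
    reasons = []
    tier = permission_tier(record["manifest"])
    if tier != "low":
        reasons.append(f"{tier}_permissions")
    if record["install_type"] == "sideload":
        reasons.append("sideloaded")
    domain = record["developer_email"].rsplit("@", 1)[-1].lower()
    if domain in FREE_WEBMAIL:
        reasons.append("webmail_developer")
    if (today - record["last_updated"]).days > STALE_AFTER_DAYS:
        reasons.append("stale")
    if permission_drift(record["previous_manifest"], record["manifest"]):
        reasons.append("permission_drift")
    return sum(WEIGHTS[r] for r in reasons), reasons


def audit(inventory, today):
    """Rank the whole inventory, riskiest extension first."""
    rows = [(*score_extension(r, today), r["name"]) for r in inventory]
    return sorted(rows, key=lambda row: row[0], reverse=True)


# Constructed sample inventory (not real extensions).
TODAY = date(2025, 11, 15)
INVENTORY = [
    {
        "name": "Constructed SSO Companion",
        "install_type": "normal",
        "developer_email": "security@vendor.example",
        "last_updated": date(2025, 9, 1),
        "previous_manifest": {"permissions": ["storage"]},
        "manifest": {"permissions": ["storage"]},
    },
    {
        "name": "Constructed PDF Helper",
        "install_type": "sideload",
        "developer_email": "pdfhelper.dev@gmail.com",
        "last_updated": date(2024, 1, 10),
        "previous_manifest": {"permissions": ["tabs"]},
        "manifest": {"permissions": ["tabs", "cookies"],
                     "host_permissions": ["<all_urls>"]},
    },
]

if __name__ == "__main__":
    for score, reasons, name in audit(INVENTORY, TODAY):
        print(f"{score:3d}  {name}: {', '.join(reasons) or 'no findings'}")
```

Running the drift check on every extension update, rather than only at install time, is what catches an extension that gains cookie or all-site access in a later version.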

Identity security within browsers was also noted to be a major blind spot for organizations, with 68% of logins to corporate accounts completed without single sign-on (SSO), making it difficult for organizations to properly track identities across apps. Additionally, 26% of enterprise users re-used passwords across accounts and 54% of corporate account passwords were noted to be of medium strength or below.

Source: Copy-paste now exceeds file transfer as top corporate data exfiltration vector | SC Media

Fortinet finally fixes critical straight to admin bug under active exploit for a month

Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month’s head start.

The bug, now tracked as CVE-2025-64446, allows unauthenticated attackers to execute administrative commands on Fortinet’s web application firewall product and fully take over vulnerable devices. It’s fully patched in FortiWeb version 8.0.2, but it didn’t even have a CVE assigned to it until Friday, when the vendor admitted to having “observed this to be exploited in the wild.”

[…]

it appears a proof-of-concept (PoC) exploit has been making the rounds since early October, and third-party security sleuths have told The Register that exploitation is widespread.

“The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” watchTowr CEO and founder Benjamin Harris told us prior to Fortinet’s security advisory.

“The vulnerability allows attackers to perform actions as a privileged user – with in-the-wild exploitation focusing on adding a new administrator account as a basic persistence mechanism for the attackers,” he added.

WatchTowr successfully reproduced the vulnerability and created a working PoC, along with a Detection Artefact Generator to help defenders identify vulnerable hosts in their IT environments.

Despite the fix in version 8.0.2, the attacks remain ongoing, and at least 80,000 FortiWeb web app firewalls are connected to the internet, according to Harris.

“Apply patches if you haven’t already,” he advised. “That said, given the indiscriminate exploitation observed by the watchTowr team and our Attacker Eye sensor network, appliances that remain unpatched are likely already compromised.”

The battering attempts against Fortinet’s web application firewalls date back to October 6, when cyber deception firm Defused published a PoC on social media that one of their FortiWeb Manager honeypots caught. At the time, the bug hadn’t been disclosed nor did it have a CVE.

[…]

 

Source: Fortinet finally cops to critical bug under active exploit • The Register

Russia imposes 24-hour mobile internet blackout for travelers returning home to “guard against drones”. Which don’t need SIM cards. Also just blacks out SIM coverage in certain areas.

Russian telecom operators have begun cutting mobile internet access for 24 hours for citizens returning to the country from abroad, in what officials say is an effort to prevent Ukrainian drones from using domestic SIM cards for navigation.

“When a SIM card enters Russia from abroad, the user has to confirm that it’s being used by a person — not installed in a drone,” the Digital Development Ministry said in a statement earlier this week. Users can restore access sooner by solving a captcha or calling their operator for identification.

Authorities said the temporary blackout is meant to “ensure the safety of Russian citizens” and prevent SIM cards from being embedded in “enemy drones.”

The new rule has led to unexpected outages for residents in border regions, whose phones can automatically connect to foreign carriers. Officials advised users to switch to manual network selection to avoid being cut off.

The so-called “cooling-off period” comes a month after Moscow imposed a similar 24-hour blackout for people entering Russia with foreign SIM cards, again citing the threat of Ukrainian drone warfare.

At the same time, the Kremlin is seeking to expand the powers of its domestic intelligence service, the FSB, allowing it to order shutdowns of mobile and internet access over loosely defined “emerging threats.” The proposed legal changes would give the FSB direct authority over local telecoms.

In several regions, including the western city of Ulyanovsk, officials said mobile internet restrictions would remain in place until the end of the war in Ukraine. Access will be limited “around critical facilities of special importance, not across entire regions.”

[…]

Digital rights groups say many of the blackouts appear arbitrary and politically motivated. They noted that most drones used in the war do not rely on mobile internet connections to operate, suggesting that local officials may be imposing restrictions to signal loyalty to the Kremlin rather than address real security threats.

Source: Russia imposes 24-hour mobile internet blackout for travelers returning home | The Record from Recorded Future News

Scientists Confirmed High Density Solid Inside Our Moon

Well, the verdict is in. The Moon is not made of green cheese after all.

A thorough investigation published in May 2023 found that the inner core of the Moon is, in fact, a solid ball with a density similar to that of iron.

This, researchers hope, will help settle a long debate about whether the Moon’s inner heart is solid or molten, and lead to a more accurate understanding of the Moon’s history – and, by extension, that of the Solar System.

[…]

[…]

To figure it out once and for all, Briaud and his colleagues collected data from space missions and lunar laser-ranging experiments to compile a profile of various lunar characteristics. These include the degree of its deformation by its gravitational interaction with Earth, the variation in its distance from Earth, and its density.

Artist’s impression of different instruments measuring the properties of the Moon to reveal its core. (Géoazur/Nicolas Sarter)

Next, they conducted modeling with various core types to find which matched most closely with the observational data.

They made several interesting findings. Firstly, the models that most closely resembled what we know about the Moon describe active overturn deep inside the lunar mantle.

This means that denser material inside the Moon falls towards the center, and less dense material rises upwards. This activity has long been proposed as a way of explaining the presence of certain elements in volcanic regions of the Moon.

[…]

they found that the lunar core is very similar to that of Earth – with an outer fluid layer and a solid inner core. According to their modeling, the outer core has a radius of about 362 kilometers (225 miles), and the inner core has a radius of about 258 kilometers (160 miles). That’s about 15 percent of the entire radius of the Moon.

The inner core, the team found, also has a density of about 7,822 kilograms per cubic meter. That’s very close to the density of iron.

[…]

in 2011 a team led by NASA Marshall planetary scientist Renee Weber found a similar result using what were then state-of-the-art seismological techniques on Apollo data to study the lunar core. They found evidence of a solid inner core with a radius of about 240 kilometers, and a density of about 8,000 kilograms per cubic meter.

Their results, Briaud and his team say, are confirmation of those earlier findings, and constitute a pretty strong case for an Earth-like lunar core. And this has some interesting implications for the Moon’s evolution.

We know that not long after it formed, the Moon had a powerful magnetic field, which started to decline about 3.2 billion years ago. Such a magnetic field is generated by motion and convection in the core, so what the lunar core is made of is deeply relevant to how and why the magnetic field disappeared.

[…]

The research has been published in Nature.

 

Source: It’s Official: Scientists Confirmed What Is Inside Our Moon : ScienceAlert

Chinese spies used Claude to break into some critical orgs

Chinese cyber spies used Anthropic’s Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and government organizations – and the government-backed snoops “succeeded in a small number of cases,” according to a Thursday report from the AI company.

The mid-September operation targeted large tech companies, financial institutions, chemical manufacturers, and government agencies.

While a human selected the targets, “this marks the first documented case of agentic AI successfully obtaining access to confirmed high-value targets for intelligence collection, including major technology corporations and government agencies,” Anthropic’s threat hunters wrote in a 13-page document [PDF].

It’s also further proof that attackers continue experimenting with AI to run their offensive operations. The incident also suggests heavily funded state-sponsored groups are getting better at autonomizing attacks.

The AI vendor tracks the Chinese state-sponsored group behind the espionage campaign as GTG-1002, and says its operatives used Claude Code and Model Context Protocol (MCP) to run the attacks without a human in the tactical execution loop.

A human-developed framework used Claude to orchestrate multi-stage attacks, which were then carried out by several Claude sub-agents all performing specific tasks. Those chores included mapping attack surfaces, scanning organizations’ infrastructure, finding vulnerabilities, and researching exploitation techniques.

Once the sub-agents developed exploit chains and custom payloads, a human operator spent between two and 10 minutes reviewing the results of the AI’s actions and signing off on the subsequent exploitations.

The sub-agents then got to work finding and validating credentials, escalating privileges, moving laterally across the network, and accessing and then stealing sensitive data. Post-exploitation, the human operator only had to again review the AI’s work before approving the final data exfiltration.

“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context,” according to the report.

Upon discovering the attacks, Anthropic says it launched an investigation that led it to ban associated accounts, mapped the full extent of the operation, notified affected entities, and coordinated with law enforcement.

These attacks represent a “significant escalation” from the firm’s August report that documented how criminals used Claude in a data extortion operation that hit 17 organizations and saw attackers demand ransoms ranging from $75,000 to $500,000 for stolen data. However, “humans remained very much in the loop directing operations,” in that attack, we’re told.

“While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale,” states Anthropic’s new analysis.

There is a slight silver lining, however, in that Claude did hallucinate during the attacks and claimed better results than the evidence showed.

The AI “frequently overstated findings and occasionally fabricated data during autonomous operations,” requiring the human operator to validate all findings. These hallucinations included Claude claiming it had obtained credentials (which didn’t work) or identifying critical discoveries that turned out to be publicly available information.

Anthropic asserts such errors represent “an obstacle to fully autonomous cyberattacks” – at least for now.

Source: Chinese spies used Claude to break into critical orgs • The Register

World still on track for catastrophic 2.6C temperature rise, report finds. Greed more important than actually having a planet to live on.

Fossil fuel emissions have hit a record high while many nations have done too little to avert deadly global heating

The world is still on track for a catastrophic 2.6C increase in temperature as countries have not made sufficiently strong climate pledges, while emissions from fossil fuels have hit a record high, two major reports have found.

Despite their promises, governments’ new emission-cutting plans submitted for the Cop30 climate talks taking place in Brazil have done little to avert dangerous global heating for the fourth consecutive year, according to the Climate Action Tracker update.

The world is now anticipated to heat up by 2.6C above preindustrial times by the end of the century – the same temperature rise forecast last year.

This level of heating easily breaches the thresholds set out in the Paris climate pact, which every country agreed to, and would set the world spiralling into a catastrophic new era of extreme weather and severe hardships.

A separate report found the fossil fuel emissions driving the climate crisis will rise by about 1% this year to hit a record high, but that the rate of rise has more than halved in recent years.

The past decade has seen emissions from coal, oil and gas rise by 0.8% a year compared with 2.0% a year during the decade before. The accelerating rollout of renewable energy is now close to supplying the annual rise in the world’s demand for energy, but has yet to surpass it.

[…]

Source: World still on track for catastrophic 2.6C temperature rise, report finds | Environment | The Guardian

End of the game for cybercrime infrastructure: 1025 servers taken down – Operation Endgame’s latest phase targeted the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium

Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers. The main suspect for VenomRAT was also arrested in Greece on 3 November 2025.

The infrastructure dismantled during the action days was responsible for infecting hundreds of thousands of victims worldwide with malware. Operation Endgame, coordinated by Europol and Eurojust, is a joint effort between law enforcement and judicial authorities of Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom and the United States to tackle ransomware enablers. More than 30 national and international public and private parties are supporting the actions. Important contributions were made by the following private partners: Cryptolaemus, Shadowserver and RoLR, Spycloud, Cymru, Proofpoint, Crowdstrike, Lumen, Abuse.ch, HaveIBeenPwned, Spamhaus, DIVD, Trellix and Bitdefender.

The coordinated actions led to:

  • 1 arrest in Greece
  • 11 locations searched (1 in Germany, 1 in Greece, and 9 in the Netherlands)
  • Over 1 025 servers taken down or disrupted worldwide
  • 20 domains seized

Endgame doesn’t end here – think about (y)our next move

The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100 000 crypto wallets belonging to these victims, potentially worth millions of euros. Check if your computer has been infected and what to do if so at politie.nl/checkyourhack and haveibeenpwned.com

There were actions aimed at criminal services and their criminal users. These users were directly contacted by the police and asked to share relevant information regarding infostealers via the Operation Endgame Telegram channel. In addition, the failing criminal services are exposed via the Operation Endgame website.

[…]

Source: End of the game for cybercrime infrastructure: 1025 servers taken down – Operation Endgame’s latest phase targeted the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium | Europol

Charted: The Relationship Between Democracy and Corruption

Scatter plot showing the relationship between electoral democracy and political corruption in countries using 2024 data from V-Dem

Charting the Relationship Between Democracy and Corruption

[…]

  • Highly democratic countries consistently report lower levels of political corruption, especially in Europe.
  • No countries in the dataset are rated as both highly democratic and highly corrupt.
  • Authoritarian regimes show a wide range of corruption levels, but none approach the values achieved by democracies.

How does the level of democracy in a country influence corruption?

According to new data from the Varieties of Democracy (V-Dem) project and a visualization by Our World in Data, the correlation is clear: democratic societies tend to be less corrupt.

The chart maps countries across two indices: Electoral Democracy (measuring free, fair, and meaningful elections) and the Political Corruption Index (focused on bribery and public theft), both scaled from 0 to 1.

[…]

At a glance, Denmark stands out as the best performer, with near-perfect scores for democracy and minimal corruption.

Conversely, authoritarian regimes like Myanmar, Russia, and China have low democracy scores and relatively high corruption, though corruption levels vary even among less democratic states. Interestingly, no country appears in the upper-right quadrant, combining high democracy with high corruption, emphasizing the strong inverse relationship.

Why Democracies Tend to Be Cleaner

As outlined in V-Dem’s policy brief, democracies inherently support anti-corruption mechanisms. These include:

  • Independent courts and investigative bodies
  • Active civil societies and free media
  • Checks and balances that discourage misuse of public office

These structures make it harder for corrupt activities to go unnoticed or unpunished. In contrast, authoritarian systems often lack such safeguards, allowing corruption to flourish unchecked.

Comparing with Perceptions of Corruption

While this dataset relies on expert-based assessments, public perception also plays a role in understanding corruption. For more context, see our previous post on which countries are perceived as the most corrupt globally.

[…]

Source: Charted: The Relationship Between Democracy and Corruption

Railgun Damage To Japanese Target Ship Seen For The First Time

Japan’s Acquisition Technology & Logistics Agency (ATLA) has offered the first look at damage to a target ship after it was hit by projectiles fired from a prototype electromagnetic railgun in testing earlier this year. Japanese authorities say valuable data and experience were gleaned from the demonstration, which will feed into its continued push toward an operational railgun capability. This is an area of development where the U.S. Navy notably halted work in the early 2020s, despite having seen promising progress, due to significant technological impediments.

[…]

Railguns, in general, use electromagnets instead of chemical propellants to fire projectiles at very high velocities. Dart-shaped projectiles, each with four fins at the rear and no warhead, were fired during the at-sea tests earlier this year. The projectiles were initially held inside a sabot that broke apart after leaving the muzzle. There was also a metal armature at the rear that served to push the projectile in the sabot down the barrel, which fell away after firing.

A slide from the ATLA presentation this week highlighting the evolution from earlier prototype railguns tested at facilities on land to the one mounted on the JS Asuka for the at-sea tests. ATLA
Another slide from the presentation discussing the design of the projectiles fired during the at-sea testing. ATLA
[…]

The wear on barrels from the sustained firing of projectiles at very high speeds is one of a number of long-standing challenges for railguns, in general. A worn-out barrel can lead to the loss of range and accuracy, as well as increase the risk of a catastrophic failure.

Railguns also have significant power generation and cooling requirements, which have, in turn, historically made them very physically bulky. The installation on JS Asuka included four shipping containers full of additional systems and equipment to help meet those needs.

Kazumi Ito, principal director of the equipment policy division at ATLA, said his country’s railgun efforts were “progressing,” but acknowledged “various challenges,” while speaking through an interpreter at a panel discussion at the DSEI Japan 2025 exposition earlier this year, according to National Defense Magazine.

[…]
“When it comes to warships, in particular, where physical space is at a premium and where options for reloading missiles at sea can be at best extremely limited, having a weapon system firing lower-cost munitions from a large magazine and that can engage a broad swath of target sets would be a clear boon.”
[…]

Source: Railgun Damage To Japanese Target Ship Seen For The First Time

Denmark rises again, finds another way to try to introduce 100% surveillance state in EU after public backlash stopped the last attempt at chat control. Send emails to your MEPs easily!

Thanks to public pressure, the Danish Presidency has been forced to revise its text, explicitly stating that any detection obligations are voluntary. While much better, the text continues to both (a) effectively outlaw anonymous communication through mandatory age verification; and (b) include planned voluntary mass scannings. The Council is expected to formally adopt its position on Chat Control the 18th or 19th of November. Trilogue with the European Parliament will commence soon after.

The EU (still) wants to scan your private messages and photos

The “Chat Control” proposal would mandate scanning of all private digital communications, including encrypted messages and photos. This threatens fundamental privacy rights and digital security for all EU citizens.

You Will Be Impacted

Every photo, every message, every file you send will be automatically scanned—without your consent or suspicion. This is not about catching criminals. It is mass surveillance imposed on all 450 million citizens of the European Union.

Source: Fight Chat Control – Protect Digital Privacy in the EU

The site linked will allow you to very easily send an email to your representatives by clicking a few times. Take the time to ensure they understand that people have a voice!

Amazon latest company to lock up their hardware: will stop you installing stuff on Fire TV Sticks (in the name of combating streaming) and force you to use their own app store

Amazon is rolling out a tougher approach to combat illegal streaming, with the United States-based tech company aiming to block apps loaded onto all its Fire TV Stick devices that are identified as providing pirated content.

[…]

Amazon launched a new Fire TV Stick last month — the 4K Select, which is plugged into a TV to facilitate streaming via the internet — that it insists will be less of a breeding ground for piracy. It comprises enhanced security measures — via a new Vega operating system — and only apps available in Amazon’s app store will be available for customers to download.

[…]

Amazon insists the clampdown will apply to the new and old devices, but registered developers will still be able to use Fire Sticks for legitimate purposes.

[…]

The roll-out has started in Germany and France and will be expanded globally in the coming weeks and months.
Over the summer, The Athletic learned that Amazon had sporadically started blocking apps suspected of being linked to illegal sports streaming.
[…]
Gareth Sutcliffe is a leading tech researcher from Enders Analysis, who speaks on a range of topics in the episode, including the role of the Fire TV Stick device. He says that the previous — and still widely used — device made by Amazon “enables piracy” and that it’s “a broadly risky device for consumer safety”.
Sutcliffe says it “provides a very easy path for malware to enter into a home-computing environment”, there were “policies around developing apps for that device that Amazon took a certain position on and broadly got wrong” as they had made “an open computing device” that was a playground for “a whole world of nefarious actors”.
[…]

Source: Amazon steps up attempts to block illegal sports streaming via Fire TV Sticks – The Athletic

So yes, some apps are illegal, but plenty are legal. And they won’t work either. The “security” angle is just like Google’s move to stop people from installing (sideloading) software on Android. PCs allow you to do this and this generally goes right. It is about control, knowing what apps people install and above all: revenue. Mr Sutcliffe is firmly in the pay of these people and by saying that making an open computing device is wrong, he clearly shows this.

“This is a political deception” − Denmark gives New Chat Control another shot. Mass surveillance for all from behind closed doors.

It’s official, a revised version of the CSAM scanning proposal is back on the EU lawmakers’ table − and is keeping privacy experts worried.

The Law Enforcement Working Party met again this morning (November 12) in the EU Council to discuss what’s been deemed by critics the Chat Control bill.

This follows a meeting the group held on November 5, and comes as the Denmark Presidency put forward a new compromise after withdrawing mandatory chat scanning.

As reported by Netzpolitik, the latest Child Sexual Abuse Regulation (CSAR) proposal was received with broad support during the November 5 meeting, “without any dissenting votes” nor further changes needed.

The new text, which removes all provisions on detection obligations included in the bill and makes CSAM scanning voluntary, seems to be the winning path to finally find an agreement after over three years of trying.

Privacy experts and technologists aren’t quite on board, though, with long-standing Chat Control critic and digital rights jurist, Patrick Breyer, deeming the proposal “a political deception of the highest order.”

Chat Control − what’s changing and what are the risks

As per the latest version of the text, messaging service providers won’t be forced to scan all URLs, pictures, and videos shared by users, but rather choose to perform voluntary CSAM scanning.

There’s a catch, though. Article 4 will include a possible “mitigation measure” that could be applied to high-risk services to require them to take “all appropriate risk mitigation measures.”

According to Breyer, such a loophole could make the removal of detection obligations “worthless” by negating their voluntary nature. He said: “Even client-side scanning (CSS) on our smartphones could soon become mandatory – the end of secure encryption.”

Breaking encryption, the tech that security software like the best VPNs, Signal, and WhatsApp use to secure our private communications, has been the strongest argument against the proposal so far.

Breyer also warns that the new compromise goes further than the discarded proposal, passing from AI-powered monitoring targeting shared multimedia to the scanning of private chat texts and metadata, too.

“The public is being played for fools,” warns Breyer. “Following loud public protests, several member states, including Germany, the Netherlands, Poland, and Austria, said ‘No’ to indiscriminate Chat Control. Now it’s coming back through the back door.”

Breyer is far from being the only one expressing concerns. German-based encrypted email provider, Tuta, is also raising the alarm.

“Hummelgaard doesn’t understand that no means no,” the provider writes on X.

To understand the next steps, we now need to wait and see what the outcomes from today’s meeting look like.

Source: “This is a political deception” − New Chat Control convinces lawmakers, but not privacy experts yet | TechRadar

Google may be easing up on Android’s new installation restrictions

Back in late August, Google announced a major change to Android that angered many enthusiasts and independent developers. Starting next year, Android will block users from installing apps made by unverified developers. The announcement spurred backlash from power users who felt that the new restrictions would effectively kill sideloading. Today, Google announced a major concession to appease these users. The company says it is building a new “advanced flow” that will allow “experienced users to accept the risks of installing software that isn’t verified.”

An easier way to install unverified apps…hopefully

In a blog post, Google says this new advanced flow is intended for developers and power users who “have a higher risk tolerance and want the ability to download unverified apps.” The company says it is “designing this flow specifically to resist coercion” to ensure that “users aren’t tricked into bypassing these safety checks while under pressure from a scammer.” The flow will include “clear warnings” to ensure that users “fully understand the risks involved” with installing apps made by unverified developers, but ultimately, it puts the choice to do so in the user’s hands. Google says it is currently gathering early feedback on the design of this feature and will share more details in the coming months.

Although Google hasn’t shared what this new flow will actually look like, it’ll hopefully be easier than using ADB to install apps. Prior to this announcement, the only method we knew would allow you to install apps from unverified developers was to use ADB, which is simple but tedious for experienced users. Tools like Shizuku would have made ADB app installation possible without the use of a PC, but who knows how long such methods would last. Thus, I’m glad that users won’t have to resort to such hacky methods to install the software of their choice.

Source: Google is easing up on Android’s new sideloading restrictions

Astronomers find three Earth-sized planets orbiting two suns in binary stellar system

An international group of scientists has confirmed the discovery of three Earth-sized planets within the binary stellar system known as TOI-2267, located roughly 190 light-years from Earth. The finding, published in Astronomy & Astrophysics, offers new insight into how planets can form and remain stable in double-star systems, which were once thought too chaotic for complex planetary development.

“Our analysis shows a unique planetary arrangement: two planets are transiting one star, and the third is transiting its companion star,” explains Sebastián Zúñiga-Fernández, a researcher at the University of Liège (ULiège) and first author of the paper. “This makes TOI-2267 the first binary system known to host transiting planets around both of its stars.”

A Compact and Unusual Double-Star System

TOI-2267 consists of two stars locked in a close orbital dance, forming what astronomers call a compact binary system. Such systems create gravitational forces that typically disrupt planet formation. Despite this, researchers have detected three Earth-sized planets in tight orbits, a surprising outcome that challenges long-held theories about where rocky worlds can exist.

[…]

The confirmation process required a major effort involving several observatories. Among the most important were the SPECULOOS and TRAPPIST telescopes operated by ULiège (PI: Michaël Gillon). Designed to detect small exoplanets around cool, dim stars, these robotic instruments were vital for verifying the planets and studying their characteristics in detail.

[…]

Story Source:

Materials provided by University of Liège. Note: Content may be edited for style and length.


Journal Reference:

  1. S. Zúñiga-Fernández, F. J. Pozuelos, M. Dévora-Pajares, N. Cuello, M. Greklek-McKeon, K. G. Stassun, V. Van Grootel, B. Rojas-Ayala, J. Korth, M. N. Günther, A. J. Burgasser, C. Hsu, B. V. Rackham, K. Barkaoui, M. Timmermans, C. Cadieux, R. Alonso, I. A. Strakhov, S. B. Howell, C. Littlefield, E. Furlan, P. J. Amado, J. M. Jenkins, J. D. Twicken, M. Sucerquia, Y. T. Davis, N. Schanche, K. A. Collins, A. Burdanov, F. Davoudi, B.-O. Demory, L. Delrez, G. Dransfield, E. Ducrot, L. J. Garcia, M. Gillon, Y. Gómez Maqueo Chew, C. Janó Muñoz, E. Jehin, C. A. Murray, P. Niraula, P. P. Pedersen, D. Queloz, R. Rebolo-López, M. G. Scott, D. Sebastian, M. J. Hooton, S. J. Thompson, A. H. M. J. Triaud, J. de Wit, M. Ghachoui, Z. Benkhaldoun, R. Doyon, D. Lafrenière, V. Casanova, A. Sota, I. Plauchu-Frayn, A. Khandelwal, F. Zong Lang, U. Schroffenegger, S. Wampfler, M. Lendl, R. P. Schwarz, F. Murgas, E. Palle, H. Parviainen. Two warm Earth-sized exoplanets and an Earth-sized candidate in the M5V-M6V binary system TOI-2267. Astronomy & Astrophysics, 2025; 702: A85 DOI: 10.1051/0004-6361/202554419

Source: Astronomers stunned by three Earth-sized planets orbiting two suns | ScienceDaily

Ryanair tries forcing spyware app downloads by eliminating paper boarding passes

Ryanair is trying to force users to download its mobile app by eliminating paper boarding passes, starting on November 12.

As announced in February and subsequently delayed from earlier start dates, Europe’s biggest airline is moving to digital-only boarding passes, meaning customers will no longer be able to print physical ones. In order to access their boarding passes, Ryanair flyers will have to download Ryanair’s app.

“Almost 100 percent of passengers have smartphones, and we want to move everybody onto that smartphone technology,” Ryanair CEO Michael O’Leary said recently on The Independent’s daily travel podcast.

Customers are encouraged to check in online via Ryanair’s website or app before getting to the airport. People who don’t check in online before getting to the airport will have to pay the airport a check-in fee.

[…]

The policy change is also meant to get people to do more with Ryanair’s app, like order food and drinks, view real-time flight information, and receive notifications during delays.

[…]

Eliminating paper boarding passes may create numerous inconveniences. To start, not everyone wants Ryanair’s app on their personal device. And many future customers, especially those who don’t fly with Ryanair frequently or who don’t fly much at all, may be unaware of the change, creating confusion during travel, which can already be inherently stressful.

Also, there are places where Ryanair flies that don’t accept digital boarding passes, including some airports in Albania and Morocco.

[…]

People who are less technically savvy or who don’t have a smart device or whose device has died won’t be completely out of luck. Ryanair says it will accommodate people without access to a smartphone with “a free of charge boarding pass at the airport” if they’ve checked in online “before arriving at the airport.”

[…]

Source: Ryanair tries forcing app downloads by eliminating paper boarding passes – Ars Technica

And of course, because apps run under different regulations and restrictions than websites, Ryanair can collect information about “lifestyle”, such as location, what other apps are running and who knows what else. Apps are pretty scary stuff, which is why so many companies are pushing these things on you in lieu of their websites.

The Best Tools to Use to Find Any Leak in Your Home

Your home is under constant threat from the elements—but especially from water. From roof leaks to burst pipes—water damage is the second-most claimed loss on home insurance policies, just below “wind and hail.” In fact, there are way more losses due to water damage than fire.

And the most troubling aspect of water damage is how silent it can be. You can have a leak for a long time before the damage becomes bad enough to notice. And even if you know you have a water leak somewhere, locating it can often be difficult because water can travel a long way from the source before making its presence known. That’s why you need these five kinds of leak detectors on hand, so you’ll know when a damaging water leak erupts, and be able to find it quickly to minimize the damage.

Moisture alarms

Step one is to have water detectors with alarms set up around the house in places where leaks are probable. These alarms are typically wifi-connected and simply detect moisture beyond a normal level, ringing out an audible alarm and sending a message to your devices warning you of a leak. Having them placed in bathrooms, kitchens, laundry rooms, basements, attics, and anywhere else where the home comes into contact with water means leaks will be noticed right away instead of slowly destroying your property over weeks, months, or even years.

These alarms can often be combined with networked shutoff valves that will automatically turn off the water supply when a leak is detected. That way, even if you’re not home, the damage from a leak will be minimized.

Moisture meter

As useful as leak alarms are, they can only help if present where a water leak occurs—and they only tell you that there’s water, not where the water is coming from. Sometimes the source will be obvious, of course—if the alarm placed near your toilet goes off, chances are good that it’s your toilet doing the leaking. But if the leak begins with a pipe in your wall, one tiny spot on a large roof system, or underground, you’ll need some help locating it.

A moisture meter is a must-have for finding leaks. It’s a simple device that measures the amount of moisture trapped in a material, like drywall or flooring. By taking multiple readings throughout an area, you can pinpoint where the water is concentrated before you start tearing things open to effect a repair, saving you time and money.

Endoscopes

Sometimes you need to see inside the spaces and voids of your home to find a water leak. If you suspect a pipe is leaking in the walls, for example, and you’re getting some confusing moisture meter readings, it might be time to reach for one of the most useful tools you’ll ever own: an endoscopic camera (aka, a borescope). This is a small, flexible camera that can be inserted into a small space and fished around, allowing you to see what’s behind a wall, under a floor, or inside a soffit in your home without ripping everything open. If there’s no obvious way to insert the camera, you can usually drill a small access hole that can be easily repaired later, and the video feed will let you inspect all those pipes to see where the water’s coming from.

Pipe locator

A pipe locator is exactly what it sounds like: It locates the hidden pipes feeding water into and taking water out of your house, which are often inside walls, under floors, or buried underground. If you’re trying to figure out where a leaking pipe might be located, this tool can be invaluable, especially if other options haven’t worked.

They’re not cheap—this one from Rigid is one of the more affordable options, and it’s about $1,800 at the time of this writing. But you can easily spend $1,000 or more if a plumber comes out to locate and fix your leaking pipe, so if you’re comfortable fixing the leak yourself, a tool like this will pay for itself eventually because you’ll be able to isolate the leak, turn off water to just that area, and effect the repair.

Source: The Best Tools to Use to Find Any Leak in Your Home | Lifehacker

Google is clamping down on Android apps that cause excessive battery drain

It can be tough to know when a phone is on its deathbed or when an app is just being an overt battery hog. Google is going to help users get to the bottom of things, according to a recent Android Developers Blog.

The company just announced the launch of a new metric for app developers that keeps an eye on battery usage. If a developer consistently runs afoul of Google’s battery usage guidelines, a warning will pop up in the Play Store to alert end users.

[Image: A Play Store warning. Credit: Google]

This metric will keep a particular eye on so-called wake locks, which is when smartphones are prevented from entering sleep mode by battery-hungry apps that want to run background processes when the screen is off. Google says wake locks are a “heavy contributor to battery drain” and has developed a threshold for what is deemed acceptable for apps running in the background.

This threshold “considers a user session excessive if it holds more than two cumulative hours of non-exempt wake locks in a 24 hour period.” There are exemptions if the background process offers “clear user benefits” with examples given of audio playback and user-initiated data transfers.

If a developer doesn’t fix the underlying wake lock issue, they get slapped with a visible warning. The Play Store label says that “this app may use more battery than expected due to high background activity.” That will likely turn off potential downloaders. I certainly wouldn’t pop one of those apps on my phone.

Google will go a step further in some cases, making the offending apps ineligible for certain discovery sections within the Play Store. These rules go into effect on March 1, so we only have a few more months to experience just how quickly an Android phone can go from a full battery to completely dead.

Source: Google is clamping down on Android apps that cause excessive battery drain

Wayland’s Never-Ending Opposition To Multi-Window Positioning

There are many applications out there that use more than one window, with every modern-day platform and GUI toolkit offering the means for said application to position each of its windows exactly where it wants, and to restore these exactly in the configuration and location where the user saved it for that particular session. All toolkits but one, that is, for the Wayland project keeps shooting down proposals. Most recently merge request #264 for the ext-zones protocol by [Matthias Klumpp] as it descended into a 600+ comments spree.

This follows on an attempt two years prior with MR#247, which was rejected despite laying out sound reasons why the session protocol of Wayland does not cover many situations. In the breakdown video of the new ext-zones protocol discussion by [Brodie Robertson] the sheer absurdity of this whole situation becomes apparent, especially since KDE and others are already working around the Wayland project with their own extensions such as via KWin, which is being used commercially in e.g. the automotive world.

In a January 2024 blog post [Matthias] lays out many of his reasonings and views regarding the topic, with a focus on Linux desktop application usage from a scientific application perspective. When porting a Windows-, X11- or MacOS application to Wayland runs into compatibility issues that may necessitate a complete rewrite or dropping of features, the developer is more likely to stick to X11, to not port to Linux at all, or to use what eventually will amount to Wayland forks that patch around these missing API features.

Meanwhile X11 is definitely getting very long in the tooth, yet without it being a clean drop-in replacement it leaves many developers and end-users less than impressed. Perhaps the Wayland project should focus more on the needs of developers and end-users, and less about what it deems to be the One True Way?

 

Source: Wayland’s Never-Ending Opposition To Multi-Window Positioning | Hackaday

Unfortunately, Windows is not immune to this either!

Meta earns 10% of revenue on a deluge of fraudulent ads, documents show

[…]Meta internally projected late last year that it would earn about 10% of its overall annual revenue – or $16 billion – from running advertising for scams and banned goods, internal company documents show.

A cache of previously unreported documents reviewed by Reuters also shows that the social-media giant for at least three years failed to identify and stop an avalanche of ads that exposed Facebook, Instagram and WhatsApp’s billions of users to fraudulent e-commerce and investment schemes, illegal online casinos, and the sale of banned medical products.

On average, one December 2024 document notes, the company shows its platforms’ users an estimated 15 billion “higher risk” scam advertisements – those that show clear signs of being fraudulent – every day. Meta earns about $7 billion in annualized revenue from this category of scam ads each year, another late 2024 document states.

Much of the fraud came from marketers acting suspiciously enough to be flagged by Meta’s internal warning systems. But the company only bans advertisers if its automated systems predict the marketers are at least 95% certain to be committing fraud, the documents show. If the company is less certain – but still believes the advertiser is a likely scammer – Meta charges higher ad rates as a penalty, according to the documents. The idea is to dissuade suspect advertisers from placing ads.

[…]

The details of Meta’s confidential self-appraisal are drawn from documents created between 2021 and this year across Meta’s finance, lobbying, engineering and safety divisions. Together, they reflect Meta’s efforts to quantify the scale of abuse on its platforms – and the company’s hesitancy to crack down in ways that could harm its business interests.

Meta’s acceptance of revenue from sources it suspects are committing fraud highlights the lack of regulatory oversight of the advertising industry, said Sandeep Abraham, a fraud examiner and former Meta safety investigator who now runs a consultancy called Risky Business Solutions.

“If regulators wouldn’t tolerate banks profiting from fraud, they shouldn’t tolerate it in tech,” he told Reuters.

In a statement, Meta spokesman Andy Stone said the documents seen by Reuters “present a selective view that distorts Meta’s approach to fraud and scams.” The company’s internal estimate that it would earn 10.1% of its 2024 revenue from scams and other prohibited ads was “rough and overly-inclusive,” Stone said. The company had later determined that the true number was lower, because the estimate included “many” legitimate ads as well, he said. He declined to provide an updated figure.

[…]

Source: Meta is earning a fortune on a deluge of fraudulent ads, documents show | Reuters

North Korean spies used Google Find Hub as remote-wipe tool

North Korean state-backed spies have found a new way to torch evidence of their own cyber-spying – by hijacking Google’s “Find Hub” service to remotely wipe Android phones belonging to their South Korean targets.

Researchers at South Korean cybersecurity firm Genians said the campaign, attributed to the long-running KONNI group, abused Google’s device management features to trigger factory resets on compromised smartphones and tablets. In several cases, victims’ devices were wiped without authorization, erasing messages, photos, and other data that could have revealed traces of the intrusion.

[…]

According to Genians, the attackers used stolen Google account credentials harvested through spear-phishing or fake login pages to access victims’ profiles on the Find My Device platform. The feature, which allows users to locate lost phones, lock them, or perform a factory reset, became an unwitting tool for sabotage. Once logged in, the hackers could trigger remote wipes, locking victims out of their own phones and destroying incriminating evidence of compromise.

The infection chain began with victims being approached via the popular South Korean messaging app KakaoTalk. Attackers sent files masquerading as benign content to victims, lured them into installing signed MSI attachments or ZIPs, and deployed AutoIT scripts that installed RATs such as RemcosRAT, QuasarRAT and RftRAT. These tools harvested Google and Naver account credentials, enabling attackers to manipulate cloud services and use Find My Device to pull the plug.

Immediately after the reset, the attackers reportedly exploited the victim’s still-logged-in KakaoTalk desktop app to send malware-laden files to the victim’s contacts – effectively turning each compromised account into a secondary infection vector. This rapid follow-on phase allowed the KONNI operators to spread their payloads before targets could regain access to their wiped devices.

Additional findings show the attackers used the GPS location feature in Find My Device to identify when a target was outside and less likely to react quickly. In one incident, the attacker executed the wipe command not just once but three times, further delaying device recovery and ensuring the victim remained locked out.

The tactic underscores a growing risk for anyone relying on “lost device” features that are tied to online identity systems. While the ability to remotely reset a stolen phone is designed as a security safeguard, it also offers attackers an easy way to destroy evidence or cause disruption once account credentials are stolen.

[…]

Genians recommends that users of Find My Device tools enable multifactor or biometric authentication. For victims of KONNI’s latest stunt, however, the damage is already done. Once a factory reset is triggered through Google’s own service, there’s no undo button – just a blank phone and the tidy handiwork of a state hacker covering their tracks.

Source: North Korean spies used Google Find Hub as remote-wipe tool • The Register

Landfall spyware used in 0-day, 0 click attacks on Samsung phones

A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April.

The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung’s image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16, according to Palo Alto Networks Unit 42 researchers who discovered the commercial-grade spyware and revealed details of the espionage attacks in a Friday report.

“This was a precision espionage campaign, targeting specific Samsung Galaxy devices in the Middle East, with likely victims in Iraq, Iran, Turkey, and Morocco,” Itay Cohen, a senior principal researcher at Unit 42, told The Register. “The use of zero-day exploits, custom infrastructure, and modular payload design all indicate an espionage-motivated operation.”

According to the cyber sleuths, exploiting CVE-2025-21042 likely involved sending a maliciously crafted image to the victim’s device via a messaging application in a “zero-click” attack, meaning that infecting targeted phones didn’t require any user interaction.

“It’s not clear exactly how many people were targeted or exploited, but in a recent, related campaign, involving iOS and WhatsApp, WhatsApp shared that less than 200 were targeted in that campaign, so we can reasonably expect this could be a similar very targeted volume,” Cohen said.

Unit 42’s cyber sleuths originally uncovered Landfall while investigating these other two similar zero-days. In August, Apple patched a critical out-of-bounds write issue (CVE-2025-43300) in the ImageIO framework used in iPhones and iPads that had already been exploited in “extremely sophisticated” attacks.

That same month, Meta issued its own security advisory warning that attackers may have chained a WhatsApp bug (CVE-2025-55177) with this Apple OS-level flaw “in a sophisticated attack against specific targeted users.”

The Meta and WhatsApp security teams also found and disclosed to Samsung another DNG-related zero-day in Galaxy devices in August, and in September, Samsung patched CVE-2025-21043.

Despite the similarities between all of these attack chains, Unit 42 says it can’t definitively connect Landfall to the three other zero-days.

[…]

Source: Landfall spyware used in 0-day attacks on Samsung phones • The Register

Mozilla fellow Esra’a Al Shafei watches the spies through SurveillanceWatch

Digital rights activist Esra’a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she’s made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.

“You cannot resist what you do not know, and the more you know, the better you can protect yourself and resist against the normalization of mass surveillance today,” she told The Register.

To this end, the Mozilla fellow founded Surveillance Watch last year. It’s an interactive map that documents the growing number of surveillance software providers, which regions use the various products, and the investors funding them. Since its launch, the project has grown from mapping connections between 220 spyware and surveillance entities to 695 today.

These include the very well known spy tech like NSO Group’s Pegasus and Cytrox’s Predator, both famously used to monitor politicians, journalists and activists in the US, UK, and around the world.

They also include companies with US and UK government contracts, like Palantir, which recently inked a $10 billion deal with the US Army and pledged a £1.5 billion ($2 billion) investment in the UK after winning a new Ministry of Defense contract. Then there’s Paragon, an Israeli company with a $2 million Immigration and Customs Enforcement (ICE) contract for its Graphite spyware, which lets law enforcement hack smartphones to access content from encrypted messaging apps once the device is compromised.

Even LexisNexis made the list. “People think of LexisNexis and academia,” Al Shafei said. “They don’t immediately draw the connection to their product called Accurint, which collects data from both public and non-public sources and offers them for sale, primarily to government agencies and law enforcement.”

Accurint compiles information from government databases, utility bills, phone records, license plate tracking, and other sources, and it also integrates analytics tools to create detailed location mapping and pattern recognition.

“And they’re also an ICE contractor, so that’s another company that you wouldn’t typically associate with surveillance, but they are one of the biggest surveillance agencies out there,” Al Shafei said.

It also tracks funders. Paragon’s spyware is boosted by AE Industrial Partners, a Florida-based investment group specializing in “national security” portfolios. Other major backers of surveillance technologies include CIA-affiliated VC firm In-Q-Tel, Andreessen Horowitz (also known as a16z), and mega investment firm BlackRock.

This illustrates another trend: It’s not just authoritarian countries using and investing in these snooping tools. In fact, America now leads the world in surveillance investment, with the Atlantic Council think tank identifying 20 new US investors in the past year.

[…]

‘They know who you are’

The Surveillance Watch homepage announces: “They know who you are. It’s time to uncover who they are.”

It’s creepy and accurate, and portrays all of the feelings that Al Shafei has around her spyware encounters. Her Majal team has “faced persistent targeting by sophisticated spyware technologies, firsthand, for a very long time, and this direct exposure to surveillance threats really led us to launch Surveillance Watch,” she said. “We think it’s very important for people to understand exactly how they’re being surveilled, regardless of the why.”

The reality is, everybody – not just activists and politicians – is subject to surveillance, whether it’s from smart-city technologies, Ring doorbell cameras, or connected cars. Users will always choose simplicity over security, and the same can be said for data privacy.

“We want to show that when surveillance goes not just unnoticed, but when we start normalizing it in our everyday habits, we look at a new, shiny AI tool, and we say, ‘Yes, of course, take access to all my data,'” Al Shafei said. “There’s a convenience that comes with using all of these apps, tracking all these transactions, and people don’t realize that this data can and does get weaponized against you, and not just against you, but also your loved ones.”

Source: Mozilla fellow Esra’a Al Shafei watches the watchers • The Register

LLM side-channel attack allows traffic sniffers to know what you are talking about with your GPT

[…]

Streaming models send responses to users incrementally, in small chunks or tokens, as opposed to sending the complete responses all at once. This makes them susceptible to an attacker-in-the-middle scenario, where someone with the ability to intercept network traffic could sniff those LLM tokens.

“Cyberattackers in a position to observe the encrypted traffic (for example, a nation-state actor at the internet service provider layer, someone on the local network, or someone connected to the same Wi-Fi router) could use this cyberattack to infer if the user’s prompt is on a specific topic,” researchers Jonathan Bar Or and Geoff McDonald wrote.

“This especially poses real-world risks to users by oppressive governments where they may be targeting topics such as protesting, banned material, election process, or journalism,” the duo added.

Redmond disclosed the flaw to affected vendors and says some of them – specifically, Mistral, Microsoft, OpenAI, and xAI – have all implemented mitigations to protect their models from the type of side-channel attack.

[…]

Proof-of-concept shows how the attack would work

Redmond’s team produced a Whisper Leak attack demo and proof-of-concept code that uses the models to conclude a probability (between 0.0 and 1.0) of a topic being “sensitive” – in this case, money laundering.

For this proof-of-concept, the researchers used a language model to generate 100 variants of a question about the legality of money laundering, mixed them with general traffic, and then trained a binary classifier to distinguish the target topic from background queries.

Then they collected data from each language model service individually, recording response times and packet sizes via network sniffing (via tcpdump). Additionally, they shuffled the order of positive and negative samples for collection, and introduced variants by inserting extra spaces between words – this helps avoid caching interference risk.

[…]

The duo then measured the models’ performance using Area Under the Precision-Recall Curve (AUPRC).

In several of the models, including ones hosted by providers Alibaba, DeepSeek, Mistral, Microsoft, xAI, and OpenAI, classifiers achieved over 98 percent AUPRC, indicating near-perfect separation between sensitive and normal traffic.

They then simulated a “more realistic surveillance scenario” in which an attacker monitored 10,000 conversations, with only one about the target topic in the mix. They performed this test several times, and in many cases had zero false positives, while catching the money-laundering messages between 5 percent and 50 percent of the time. They wrote:

For many of the tested models, a cyberattacker could achieve 100% precision (all conversations it flags as related to the target topic are correct) while still catching 5-50% of target conversations … To put this in perspective: if a government agency or internet service provider were monitoring traffic to a popular AI chatbot, they could reliably identify users asking questions about specific sensitive topics – whether that’s money laundering, political dissent, or other monitored subjects – even though all the traffic is encrypted.

There are a few different ways to protect against size and timing information leakage. Microsoft and OpenAI adopted a method introduced by Cloudflare to protect against a similar side-channel attack: adding a random text sequence to response fields to vary token sizes, making them unpredictable, and thus mostly defending against size-based attacks.

[…]

Source: LLM side-channel attack could allow snoops to guess topic • The Register
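
The size leak and the random-padding mitigation described in the Whisper Leak item above, as an added Python example that is not code from The Register, Microsoft or any vendor. It assumes one token per server-sent event, a TLS 1.3 record that adds a fixed 22 bytes to the plaintext, and a hypothetical filler field named `pad`; the sample tokens are constructed.

```python
"""Size side channel in streamed LLM responses, and the random-padding mitigation."""
import json
import secrets
import string

# Assumed wire model: TLS 1.3 AEAD records preserve plaintext length and add a
# fixed overhead (5-byte record header + 1 content-type byte + 16-byte tag).
TLS_RECORD_OVERHEAD = 22
PAD_ALPHABET = string.ascii_letters + string.digits

# Constructed sample response, one "token" per word, repeated to give 200 chunks.
SAMPLE_TOKENS = (
    "Streaming models send responses to users incrementally in small chunks "
    "so every encrypted record carries roughly one token of text"
).split() * 10


def sse_chunk(token, pad_max=0, rng=None):
    """Serialise one token as a server-sent event.

    With pad_max > 0 a random-length filler string is added to the JSON body,
    so the chunk size no longer tracks the token length.
    """
    body = {"delta": token}
    if pad_max > 0:
        rng = rng or secrets.SystemRandom()  # CSPRNG: padding must be unpredictable
        filler_len = rng.randrange(pad_max + 1)
        # "pad" is a hypothetical field name; a client would simply ignore it.
        body["pad"] = "".join(rng.choices(PAD_ALPHABET, k=filler_len))
    return ("data: " + json.dumps(body) + "\n\n").encode("utf-8")


def wire_sizes(tokens, pad_max=0, rng=None):
    """Record sizes visible to a passive on-path observer, one per chunk."""
    return [len(sse_chunk(t, pad_max, rng)) + TLS_RECORD_OVERHEAD for t in tokens]


def observer_estimate(sizes):
    """Token lengths as seen from the wire: size minus the fixed framing
    of an empty, unpadded chunk."""
    framing = len(sse_chunk("")) + TLS_RECORD_OVERHEAD
    return [s - framing for s in sizes]


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / (var_x * var_y) ** 0.5


def compare(tokens=SAMPLE_TOKENS, pad_max=64):
    """Measure how much token-length information survives encryption,
    without and with random padding, and what the padding costs."""
    true_lengths = [len(t.encode("utf-8")) for t in tokens]
    plain = observer_estimate(wire_sizes(tokens))
    padded = observer_estimate(wire_sizes(tokens, pad_max))
    return {
        # Unpadded: encryption hides content but not length.
        "plain_exact": plain == true_lengths,
        "plain_corr": pearson(true_lengths, plain),
        # Padded: sizes are dominated by the random filler.
        "padded_exact": padded == true_lengths,
        "padded_corr": pearson(true_lengths, padded),
        # Bandwidth cost of the mitigation, in bytes per chunk.
        "mean_overhead_bytes": (sum(padded) - sum(plain)) / len(tokens),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Padding only blurs record sizes; the timing between chunks is unchanged, which matches the article's wording that the method mostly defends against size-based attacks.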