North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea with advanced tools. Discover how this new malware marks a shift from espionage to financially motivated cyberattacks.

A well-known North Korean hacking group, ScarCruft, is changing its methods, adding a new type of attack to its usual playbook of spying. Cybersecurity experts from the South Korean firm S2W recently released a report revealing that ScarCruft is now using a new ransomware called VCD.

This is a critical shift, as the group has traditionally focused on stealing information from high-profile people and government agencies in countries like South Korea, Japan, and Russia.

The group’s recent campaign, carried out by a subgroup called ChinopuNK, occurred in July and used phishing emails to target people in South Korea. These emails contained a tricky file disguised as an update for postal codes.

Once opened, this file infected the victim’s computer with more than nine different kinds of malware, including a new variant of a known malware called ChillyChino, and a backdoor that was written in the Rust programming language. Among these were information-stealing programs like LightPeek and FadeStealer, as well as a backdoor called NubSpy that let the hackers secretly control the computer.

ScarCruft Subgroup Classification (Source: S2W)

This backdoor is especially clever because it uses a real-time messaging service called PubNub to hide its malicious traffic within normal network activity. This campaign is also notable because it included the new VCD ransomware, which locks up a person’s files and demands a ransom. The ransom note is even available in both English and Korean.

Attack Flow (Source: S2W)

According to S2W’s Threat Analysis and Intelligence Center (TALON), this new approach suggests that ScarCruft might be adding financially motivated goals to its spying activities. The group is part of a larger network of North Korean hackers who are known to generate money for the country’s government, which is facing many economic sanctions.

A United Nations report from last year (PDF) even stated that North Korean hackers, including groups like Lazarus and Kimsuky, had stolen around $3 billion over six years.

Mayank Kumar, founding AI engineer at the firm DeepTempo, commented on this evolution, highlighting how these attacks are becoming more complex. Sharing his comment with Hackread.com, Kumar said that ScarCruft’s use of ransomware alongside its usual spying tools shows a new trend where nation-backed hacking and criminal tactics are merging.

“Advanced persistent threat groups must expand their toolsets and blur the line between espionage and cybercrime. Defenders must prepare for campaigns where ransomware is one element in a multi-stage operation. Adaptive, deep learning–driven anomaly detection across network traffic, system events, and security logs, paired with strong segmentation, rapid containment, and visibility into both human and automated adversary activity, is essential to counter such blended threats,” Kumar suggested.

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Palantir is often called a data broker, a data miner, or a giant database of personal information. In reality, it’s none of these—but even former employees struggle to explain it.

Palantir is often called a data broker, a data miner, or a giant database of personal information. In reality, it’s none of these—but even former employees struggle to explain it.

Illustration: WIRED Staff; Getty Images

Palantir is arguably one of the most notorious corporations in contemporary America. Cofounded by libertarian tech billionaire Peter Thiel, the software firm's work with Immigration and Customs Enforcement, the US Department of Defense, and the Israeli military has sparked numerous protests in multiple countries. Palantir has been so infamous for so long that, for some people, its name has become a cultural shorthand for dystopian surveillance.

But a number of former Palantir employees tell WIRED they believe the public still largely misunderstands what the company actually does and how its software works. Some people think it's a data broker that buys information from private companies and resells it to the government. Others think it’s a data miner, constantly scanning the internet for unique insights it can collect and market to customers. Still others think it maintains a giant, centralized database of information collected from all of its clients. In reality, Palantir does none of these things, but the misconceptions continue to persist.

Palantir has tried to correct the record itself in a series of blog posts with titles like “Palantir Is Not a Data Company” and “Palantir Is Still Not a Data Company.” In the latter, Palantir explains that “misconceptions can arise because our products are complicated,” but nonetheless, “it is absolutely possible” to accurately describe them to “people who are curious.”

The problem, however, is that even ex-employees struggle to provide a clear description of the company. “It's really hard to explain what Palantir works on or what it does,” says Linda Xia, who was an engineer at Palantir from 2022 to 2024. “Even as someone who worked there, it's hard to figure out, how do you give a cohesive explanation?”

Xia was one of 13 former Palantir staffers who signed an open letter published in May arguing that the company risks being complicit in authoritarianism by continuing to cooperate with the Trump administration. She and other former Palantir staffers who spoke to WIRED for this story argue that, in order to grapple with Palantir and its role in the world, let alone hold the company accountable, you need to first understand what it really is.

It’s not that former employees literally _don’t know_ what Palantir is selling. In interviews with WIRED, they spoke fluidly about how its software can connect and transform different kinds of data collected by government agencies and corporations. But when asked to, say, name its direct business competitors, two former Palantir employees who requested anonymity to speak freely about their experiences, struggled to come up with anything. “I still don't know how to answer that question, to be honest,” says one.

Juan Sebastián Pinto, who worked as a content strategist at Palantir and also signed the open letter, says it sells software to other businesses, a category commonly referred to in Silicon Valley as B2B SaaS. Another former staffer says Palantir provides “really extravagant plumbing with data.”

Xia calls Foundry, one of Palantir's flagship software platforms, “a collection of different applications” that customers use to “operationalize data.” A fourth ex-employee dubbed Foundry a “super-charged filing cabinet.” While all of these descriptions are technically accurate, they could also apply to products from hundreds of other tech companies. So what sets Palantir apart?

Part of the answer may lie in Palantir’s marketing strategy. Pinto says he believes that the company, which recently began using the tagline “software that dominates,” has cultivated its mysterious public image on purpose. Unlike consumer-facing startups that need to clearly explain their products to everyday users, Palantir’s main audience is sprawling government agencies and Fortune 500 companies.

What it’s ultimately selling them is not just software, but the idea of a seamless, almost magical solution to complex problems. To do that, Palantir often uses the language and aesthetics of warfare, painting itself as a powerful, quasi-military intelligence partner. “Palantir is here to disrupt and make the institutions we partner with the very best in the world,” Palantir CEO Alexander Karp says in a February 2025 earnings call, “And when it's necessary, to scare enemies, and on occasion, kill them.”

Palantir sends its employees to work inside client organizations essentially as consultants, helping to customize their data pipelines, troubleshoot problems, and fix bugs. It calls these workers “forward deployed software engineers,” a term that appears to be inspired by the concept of forward-deployed troops, who are stationed in adversarial regions to deter nearby enemies from attacking.

A former Palantir employee tells WIRED that the company also has code words for certain job titles—like “Delta” for a forward deployed engineer, and “Echo” for Palantir’s version of a product manager—which they say are sourced from the North Atlantic Treaty Organization's phonetic alphabet of code words meant for use over military radio.

A different former employee tells WIRED that Palantir staffers will often use the military term “FYSA,” or “for your situational awareness,” instead of “FYI.” Many Palantir emails, they say, also begin with “BLUF:” or “bottom line up front,” followed by a short summary of key details or events. (It’s essentially the military equivalent of “TLDR,” or “too long didn’t read.”) The ex-staffer says this jargon can be traced back to Palantir's first clients, which included US intelligence and military agencies.

But arguably Palantir’s most recognizable jargon is borrowed from the _Lord of the Rings_ universe. The company’s name is a reference to J.R.R. Tolkien’s “palantíri,” magical stones that can be used to communicate, see faraway places, and observe moments from the past and future.

Palantir’s employees are also sometimes called “hobbits.” According to one former employee, a common internal motto in Palantir’s early days was “Save the Shire,” a reference to the hobbit homeland, which they say was a rallying cry that reflected the company’s ethos at the time.

“It was all about ‘Save the Shire’ and do good for the war fighters,” the ex-staffer says. “It was all about, really, we are going in and solving hard problems.”

In response to a detailed request for comment from WIRED, Palantir spokesperson Lisa Gordon said in a statement that the company is “proud to support the US government, especially our warfighters,” and that it has never wavered from its founding mission “to support the West and empower the world’s most important institutions.” Gordon added that the open letter criticizing Palantir was only signed by a small portion of the company’s approximately 8,000 employees and alumni.

**Dawn of Big Data**

Underneath the jargon and marketing, Palantir sells tools that its customers—corporations, nonprofits, government agencies—use to sort through data. What makes Palantir different from other tech companies is the scale and scope of its products. Its pitch to potential customers is that they can buy one system and use it to replace perhaps a dozen other dashboards and programs, according to a 2022 analysis of Palantir’s offerings published by blogger and data engineer Ben Rogojan.

Crucially, Palantir doesn’t reorganize a company's bins and pipes, so to speak, meaning it doesn’t change how data is collected or how it moves through the guts of an organization. Instead, its software sits on top of a customer’s messy systems and allows them to integrate and analyze data without needing to fix the underlying architecture. In some ways, it’s a technical band-aid. In theory, this makes Palantir particularly well suited for government agencies that may use state-of-the-art software cobbled together with programming languages dating back to the 1960s.

Palantir began gaining steam in the 2010s, a decade when corporate business discourse was dominated by the rise of “Big Data.” Hundreds of tech startups popped up promising to disrupt the market by leveraging information that was now readily available thanks to smartphones and internet-connected sensors, including everything from global shipping patterns to the social media habits of college students. The hype around Big Data put pressure on companies, especially legacy brands without sophisticated technical know-how, to upgrade their software, or else risk looking like dinosaurs to their customers and investors.

But it’s not exactly easy or cheap to upgrade computer systems that may date back years, or even decades. Rather than tearing everything down and building anew, companies may want a solution designed to be slapped on top of what they already have. That’s where Palantir comes in.

Palantir’s software is designed with nontechnical users in mind. Rather than relying on specialized technical teams to parse and analyze data, Palantir allows people across an organization to get insights, sometimes without writing a single line of code. All they need to do is log into one of Palantir’s two primary platforms: Foundry, for commercial users, or Gotham, for law enforcement and government users.

**The Sales Pitch**

Foundry focuses on helping businesses use data to do things like manage inventory, monitor factory lines, and track orders. Gotham, meanwhile, is an investigative tool specifically for police and government clients, designed to connect people, places, and events of interest to law enforcement. There’s also Apollo, which is like a control panel for shipping automatic software updates to Foundry or Gotham, and the Artificial Intelligence Platform, a suite of AI-powered tools that can be integrated into Gotham or Foundry.

Foundry and Gotham are similar: Both ingest data and give people a neat platform to work with it. The main difference between them is what data they’re ingesting. Gotham takes any data that government or law enforcement customers may have, including things like crime reports, booking logs, or information they collected by subpoenaing a social media company. Gotham then extracts every person, place, and detail that might be relevant. Customers need to already have the data they want to work with—Palantir itself does not provide any.

A former Palantir staffer who has used Gotham says that, in just minutes, a law enforcement official or government analyst can map out who may be in a person’s network and see documents that link them together. They can also centralize everything an agency knows about a person in one place, including their eye color from their driver’s license, or their license plate from a traffic ticket—making it easy to build a detailed intelligence report. They can also use Gotham to search for a person based on a characteristic, like their immigration status, what state they live in, or whether they have tattoos.

The sales pitch for tools like Foundry and Gotham is that they can transcend all of the challenges associated with storing and structuring data, and naturally bring investigations and business decisionmakers to the correct solution. With an objectively superior technology, the thinking goes, the best possible outcomes will follow.

A version of this logic pervades the internal culture at Palantir. When asked what distinguishes it from other tech companies, former employees consistently mentioned its “flat” staffing structure. Engineers can laterally move to more prestigious or challenging projects if they prove worthy based on their skills and connections. One former staffer tells WIRED that this made the company feel like a meritocracy where the best people, and the best ideas, naturally rise to the top.

Some former employees say that Palantir’s meritocratic culture helped cultivate a sense of loyalty among staff. But they also believe that this can make it difficult to speak out against the company or its business decisions. (Gordon said that Palantir “prides itself on a culture of fierce internal dialog and disagreement on difficult issues related to our work.”)

During her time at Palantir, Xia says she worked exclusively with private businesses using Foundry. However, she felt a nagging discomfort about the military work happening in other parts of the organization. “I did the thing that I think a lot of people do,” Xia says, “which is, I just didn't engage with it.”

Since leaving Palantir, Pinto says he’s spent a lot of time reflecting on the company’s ability to parse and connect vast amounts of data. He’s now deeply worried that an authoritarian state could use this power to “tell any narrative they want” about, say, immigrants or dissidents it may be seeking to arrest or deport. He says that software like Palantir’s doesn’t eliminate human bias.

People are the ones that choose how to work with data, what questions to ask about it, and what conclusions to draw. Their choices could have positive outcomes, like ensuring enough Covid-19 vaccines are delivered to vulnerable areas. They could also have devastating ones, like launching a deadly airstrike, or deporting someone.

In some ways, Palantir can be seen as an amplifier of people’s intentions and biases. It helps them make evermore precise and intentional decisions, for better or for worse. But this may not always be obvious to Palantir’s users. They may only experience a sophisticated platform, sold to them using the vocabulary of warfare and hegemony. It may feel as if objective conclusions are flowing naturally from the data. When Gotham users connect disparate pieces of information about a person, it could seem like they are reading their whole life story, rather than just a slice of it.

“It's a really powerful tool,” says one former Palantir employee. “And when it's in the wrong hands, it can be really dangerous. And I think people should be really scared about it.”

Caroline Haskins is a business reporter at WIRED, covering Silicon Valley, surveillance, and labor. She has previously worked as a staff reporter at Business Insider, BuzzFeed News, and Vice's Motherboard, as well as a research editor at Business Insider. ... Read More

What Does Palantir Actually Do?

Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge.

Software that can see opponents through walls. Aimbots that can lock onto other players automatically. Tools that can boost characters’ stats to the max. The world of online game cheats is expansive—with some cheat websites advertising hacks for dozens of PC games—and it’s being driven by an underground economy that’s allegedly raking in millions every year.

Over the last two years, a group of computer scientists has been analyzing and mapping the online cheat marketplace, observing what behaviors get people banned from games, and probing the effectiveness of anti-cheat systems created by games developers. Combined, 80 cheat websites are likely making between $12.8 million and $73.2 million annually—that’s around $1.1 million to $6.1 million per month, say the academics from the University of Birmingham, in the UK.

“People can really make a lot of money from selling cheats, and companies have a lot to lose if a game is seen as full of cheaters,” says Tom Chothia, a cybersecurity professor at the University of Birmingham. Last week, along with assistant professor Marius Muench and PhD researcher Sam Collins, Chothia presented findings about the cheat economy and research on how robust anti-cheat systems are at the Black Hat cybersecurity conference in Las Vegas.

Across the North American and European cheat-selling websites they analyzed, the researchers estimate that around 30,000 to 174,000 people may be buying cheats per month. The estimates, which were first published last year, are likely an undercount of the size of the whole cheat ecosystem, the researchers say, as they don’t include cheats purchased from forums, websites in Asia, or the amount of people using free cheats. (The figures largely tally with a previous $100 million estimate for the overall cheats economy.)

The cheating community—both those who develop and sell cheats, and those who are interested in buying and using them—sprawls across the web. As well as dedicated cheat-selling websites, there are resellers, Discord communities, forums, smaller groups that sell cheats, and widespread marketing that tries to get cheats in front of people’s eyeballs. Cheats can operate by either inserting code into the game’s internal processes or parsing what is happening onscreen and taking actions outside of the game’s mechanics—the most sophisticated can involve external hardware.

In recent years, the markets for selling cheats have become more industrialized. “They look like really professionally done online shops,” Collins says. Some cheat websites sell cheats for one-time use, but others charge recurring subscriptions, such as every month or 90 days. Subscriptions allow people to continue using the cheats’ features over time, get updates if cheats stop working, and receive support from the developers. According to the academics’ analysis, where they gathered data toward the end of 2023 and focused on software cheats, the minimum price for a cheat across the 80 websites was $6.63. Meanwhile, the most expensive price was $254.28. Many are under $100 per month, depending on the subscription type.

Some of the websites have their own customer service processes and accept payments from a number mainstream payment services, Collins explains. “The staff are quite professional,” he explains. “They’re not afraid to be rude to you if they don’t like you, but they try to be pretty professional.” Core to a cheat website’s success is whether the cheats actually work and—crucially—how long they will work for. Sites have “status” indicators, showing whether a cheat is currently thought to be working.

It’s all part of the ongoing tussle between the cheat developers and games companies, which spend money on developing anti-cheat software and trying to limit nefarious behavior in their games—sometimes including lawsuits around perceived copyright issues. “It's a legal gray area. It's not illegal to sell cheats” in most countries, Chothia says, noting that China and South Korea are among the few countries that have made it a crime to use cheat software.

Andrew Hogan, a cofounder of games threat intelligence company Intorqa, which provides data to gaming companies about the cheat ecosystem, says developers are always evolving their cheats, becoming more technical, and trying to find ways around anti-cheat systems. “Even the best cheats will be detected,” Hogan says. “They don't work forever and often don’t even work for a week. But we see cheat developers who are updating their sheets every one and a half days.”

The cheat sites can make big claims themselves. One site’s public web pages say it undertakes “consistent testing daily” to make sure its cheats are still operating, claiming that its hacks “can be used without bans for a long time.” “Several of our cheats have yet to be detected from the time of their release,” the website says. Another cheats website claims its hacks are “undetectable” and that its offerings can be customized: “Tailor the cheats to fit your specific needs and play style.”

Three cheat websites contacted by WIRED did not respond to emails asking for interviews or answer questions.

While cheats and anti-cheats are getting more sophisticated in most cases, Hogan says there has recently been a “resurgence” in an older cheat method called pixelbots—but now they’ve been rebranded as AI-aimbots. The bots, which are an external kind of cheat, read what is happening on the screen and aim for the cheating player. Only now they’ve been improved by developers using computer vision. “They're much easier and quicker for developers to create using machine learning and AI and object detection programs,” Hogan says, noting that there has been a surge of their use in recent months.

Over time, the enduring popularity of cheats and the money involved has also, inevitably, brought with it the attention of cybercriminals and scammers. In recent years, thousands of government and university websites around the world have been hacked to push Roblox and Fortnite “offers,” that are actually used to push malware and obtain personal information. Kids trying to cheat in Gorilla Tag, an ape-based chase game, have been found installing a dubious VPN that could hijack their internet traffic. The researchers do say that in their analysis of 80 cheat-selling websites they didn’t find any direct evidence of scams or malware, most likely because they are trying to make money and build strong reputations.

As the cheat and anti-cheat development battle has become more sophisticated, both sides have moved into the kernel, the core of a computer’s operating system. Deploying kernel drivers, at the deepest level of the OS, where they have high levels of access, creates the risks of everything from system level crashes to potential privacy and security vulnerabilities—giving anyone virtually unfettered control over your PC is never a good idea. For an example of the issues that kernel access can cause, Crowdstrike’s botched update last year that crashed millions of computers around the world was possible because its software had kernel access. Microsoft announced it would move antivirus products and endpoint detection and response (EDR) out of the kernel in the future.

In April, Elise Murphy, head of game security at Electronic Arts, wrote in a blog post that the company’s Jevelin anti-cheat system has blocked 33 million attempts at cheating since the software launched in 2022. “The kernel is the deepest part of the operating system, and if cheats operate from there while the anti-cheat does not, they can hide everything they are doing with no chance for us to detect or prevent any of it,” Murphy wrote.

According to the University of Birmingham researchers, this kernel-level access makes anti-cheat systems incredibly robust when it comes to actually defending against cyberattacks as well. “One of our findings is that your laptop’s probably never as safe as when you are playing Fortnite; anti-cheat protection will actually keep you safe from a whole range of malware, which normal antivirus will miss,” Chothia says.

Inside the Multimillion-Dollar Gray Market for Video Game Cheats

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions.
Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

Plus: Instagram sparks a privacy backlash over its new map feature, hackers steal data from Google's customer support system, and the true scope of the Columbia University hack comes into focus.

This is the week of Black Hat and Defcon, which means a flood of news coming out of the Las Vegas security conferences. As you might expect, artificial intelligence was one popular topic—specifically, using AI chatbots to cause mischief.

One team of researchers, from Tel Aviv University, created a clever attack that allowed them to take over a target’s smart home devices using a “poisoned” Google Calendar invite. It’s the first known attack method that used AI to impact physical devices.

Another researcher used a poisoned document that included a malicious prompt to trick ChatGPT into leaking a user’s private information when it’s connected to a Google Drive.

In non-AI news, an end-to-end encryption algorithm recommended for radio communications used by police and military around the world can be easily cracked, according to new research. The researchers warn that weak implementations of the encryption algorithm could allow eavesdroppers to listen in—or even transmit their own messages.

Speaking of weaknesses, a security researcher found that misconfigured APIs in some streaming platforms used for company meetings and sports livestreams can allow someone to watch the streams without logging in. And a teen hacker discovered that an internet-connected smoke and vape detector in his high school’s bathroom contained microphones—and can be exploited for secret spying.

A leaked trove of data has exposed how teams of suspected North Korean IT scam workers operate, from their meticulous record keeping to the after-work activities—and their near-constant surveillance by people running the schemes.

Finally, in the last of our Black Hat- and Defcon-related news (so far), a pair of security researchers discovered a backdoor in an electronic lock used in at least eight brands of safes, and created a way to open the locks in seconds. They also found another vulnerability that allows them to figure out a safe’s unlock code.

We also took a deep dive into the US military’s slot machine program, spoke with experts who say it’s inevitable that AI will become part of nuclear weapons systems, and revealed a string of break-ins of National Guard armories in Tennessee that experts say is part of a disturbing trend.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in-depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Hack of US Court System Exposed Sealed Records, FBI Says**

A previously unreported cyberattack breached the federal judiciary’s electronic case filing system, potentially exposing the identities of confidential informants and compromising sealed court records across multiple US states, Politico reports. The breach was discovered around July 4 and affects the CM/ECF—or “case management/electronic case files”—system used by courts to manage sensitive documents.

Sources told Politico the hack may have impacted criminal dockets, arrest warrants, and sealed indictments, raising concerns that cooperating witnesses could be at risk. The actor behind the intrusion has not been exposed. The Administrative Office of the US Courts and FBI declined to provide Politico with a comment.

In response to recent cyberattacks, the federal judiciary said its been in the process of implementing new safeguards to address the judiciary’s ongoing exposure to “constant and sophisticated” cyber threats.

The incident highlights longstanding warnings that the judiciary’s systems are outdated and vulnerable. A top federal judge told Congress in June that CM/ECF and PACER face “unrelenting security threats” and need urgent replacement.

**Instagram’s New Map Feature Triggers Privacy Backlash**

Instagram’s latest feature—a searchable map showing user-posted content tagged to specific locations—has sparked a wave of privacy concerns, CNBC reports. Rolled out this week, the feature lets users explore photos and videos by browsing a visual map interface.

But users quickly raised alarms about the potential for stalking, harassment, and data misuse, especially for influencers and others posting real-time content from identifiable locations. “Instagram randomly updating their app to include a maps feature without actually alerting people is so incredibly dangerous to anyone who has a restraining order and actively making sure their abuser can’t stalk their location online,” one viral post warned.

Instagram said the feature only shows content from public accounts and reiterated that users can turn off location tagging. Still, the backlash echoes broader concerns about how tech platforms rapidly aggregate and expose personal data in ways that outpace users’ expectations and consent.

**Hackers Breached Google’s Salesforce Database, Stole Customer Data**

Hackers stole data from Google’s customer support system in a breach linked to a compromised Salesforce account, TechCrunch reports. The intrusion, disclosed Wednesday, affected an undisclosed number of Google customers and involved unauthorized access to data such as contact details and “related notes for small and medium-sized businesses.”

The attackers reportedly targeted the data through Salesforce cloud systems. Google’s Threat Intelligence Group pinned the attack on ShinyHunters, a hacking group known for targeting large companies’ cloud-based databases, including Salesforce systems.

The breach affecting Google follows similar attacks on Cisco, Qantas, and Pandora, where attackers used voice phishing to trick employees into granting access. Google says the group may be preparing a leak site to extort victims and is linked to other cybercriminal collectives like The Com, which has a history of hacking and extortion.

**Columbia University Hack Exposed Data of 870,000 People**

A cyberattack on Columbia University compromised the personal information of nearly 870,000 individuals, including students, applicants, and possibly staff, Bloomberg reports. The stolen data includes contact information, academic records, financial aid details, and some health and insurance information, according to draft letters, intended for victims, obtained by the news outlet.

The breach, which dates back to mid-May, was only publicly acknowledged after Columbia filed reports with state attorneys general in California and Maine. A university official previously claimed the perpetrator was politically motivated. The school claims it has implemented new safeguards and continues to notify affected individuals.

The incident preceded a campus-wide IT outage in June. The school reportedly suspected a potential cyberattack at the time.

The US Court Records System Has Been Hacked

At the Defcon security conference in Las Vegas on Friday, Nakasone tried to thread the needle in a politically fraught moment while hinting at major changes for the tech community around the corner.

The Trump administration's radical changes to United States fiscal policy, foreign relations, and global strategy—combined with mass firings across the federal government—have created uncertainty around US cybersecurity priorities that was on display this week at two of the country's most prominent digital security conferences in Las Vegas. “We are not retreating, we're advancing in a new direction,” Cybersecurity and Infrastructure Security Agency chief information officer Robert Costello said on Thursday during a critical infrastructure defense panel at Black Hat.

As in other parts of the federal government, the Trump administration has been combing intelligence and cybersecurity agencies to remove officials seen as disloyal to its agenda. Alongside these shifts, the White House has also been hostile to former US cybersecurity officials. In April, for example, Trump specifically directed all departments and agencies to revoke the security clearance of former CISA director Chris Krebs. And last week, following criticism from far-right activist Laura Loomer, the secretary of the Army rescinded an academic appointment that former CISA director Jen Easterly had been scheduled to fill at West Point. Amid all of this, former US National Security Agency and Cyber Command chief Paul Nakasone spoke with Defcon founder Jeff Moss in an onstage discussion on Friday, focusing on AI, cybercrime, and the importance of partnerships in digital defense.

“I think we've entered a space now in the world where technology has become political and basically every one of us is conflicted,” Moss said at the beginning of the discussion. Nakasone, who is on the board of OpenAI, agreed, citing Trump's January launch of the “Stargate” AI infrastructure initiative flanked by Oracle's Larry Ellison, SoftBank's Masayoshi Son, and OpenAI's Sam Altman. “And then two days later, just by chance, \[the Chinese generative AI platform\] DeepSeek came out,” Nakasone deadpanned. “Amazing.”

Nakasone also reflected on demographic differences between the US federal government and the tech sector.

“When I was the director of NSA and commander of US Cyber Command, every single quarter I would go to the Bay or I'd go to Texas or Boston or other places to see technology,” he said. “And every place that I went to, I was twice the age of the people that talked to me. And then when I came back to DC and I sat at the table, I was one of the younger people there. OK, that's a problem. That's a problem for our nation.”

Throughout the discussion, Nakasone largely geared his remarks toward efforts to counter traditional US rivals and adversaries, including China, Iran, North Korea, and Russia, as well as specific digital threats.

“Why aren't we thinking differently about ransomware, which I think right now is among the great scourges that we have in our country,” he said. “We are not making progress against ransomware.”

At times, though, Moss attempted to steer the conversation toward geopolitical changes and conflicts around the world that are fueling uncertainty and fear.

“How do you be neutral in this environment? Can you be neutral? Or is the world's environment since last year, Ukraine, Israel, Russia, Iran, just take your pick, America—how does anybody remain neutral?" Moss asked at the beginning of the conversation. Later he added, “I think because I'm so stressed out by the chaos of the situation, I'm trying to feel how do I get control?”

Referencing these remarks and comments Moss had made about turning to open source software platforms as a community-building alternative to multinational tech companies, Nakasone hinted at Moss' notion that the world and its entering a precarious state of flux.

“This is going to be an interesting storyline that we play out through ‘25 and ’26. When we come back \[to Defcon\] next year to have this discussion, will we still be able to have this sense of, oh, we're truly neutral? I sense not. I think it's going to be very, very difficult.”

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics—that are sold with Securam Prologic locks.

About two years ago, security researchers James Rowley and Mark Omo got curious about a scandal in the world of electronic safes: Liberty Safe, which markets itself as “America’s #1 heavy-duty home and gun safe manufacturer,” had apparently given the FBI a code that allowed agents to open a criminal suspect's safe in response to a warrant related to the January 6, 2021, invasion of the US Capitol building.

Politics aside, Rowley and Omo were taken aback to read that it was so easy for law enforcement to penetrate a locked metal box—not even an internet-connected device—that no one but the owner ought to have the code to open. “How is it possible that there's this physical security product, and somebody else has the keys to the kingdom?” Omo asks.

So they decided to try to figure out how that backdoor worked. In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty’s safes and those of at least seven other brands. More alarmingly, they discovered a way for a hacker to exploit that backdoor—intended to be accessible only with the manufacturer's help—to open a safe on their own in seconds. In the midst of their research, they also found _another_ security vulnerability in many newer versions of Securam's locks that would allow a digital safecracker to insert a tool into a hidden port in the lock and instantly obtain a safe’s unlock code.

Security researchers James Rowley and Mark Omo.Photograph: Ronda Churchill

At the Defcon hacker conference in Las Vegas today, Omo and Rowley made their findings public for the first time, demonstrating onstage their two distinct methods for opening electronic safes sold with Securam ProLogic locks, which are used to protect everything from personal firearms to cash in retail stores to narcotics in pharmacies.

While both their techniques represent glaring security vulnerabilities, Omo says it's the one that exploits a feature intended as a legitimate unlock method for locksmiths that's the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”

Omo and Rowley demonstrate both their safecracking methods in the two videos below, which show them performing the techniques on their own custom-made safe with a standard, unaltered Securam ProLogic lock:

**Security Update? No, Buy a New Lock**

Omo and Rowley say they informed Securam about both their safe-opening techniques in spring of last year, but have until now kept their existence secret because of legal threats from the company. “We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure,” a Securam representative wrote to the two researchers ahead of last year's Defcon, where they first planned to present their research.

Only after obtaining pro bono legal representation from the Electronic Frontier Foundation's Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam's vulnerabilities at Defcon. Omo and Rowley say they're even now being careful not to disclose enough technical detail to help others replicate their techniques, while still trying to offer a warning to safe owners about two different vulnerabilities that exist in many of their devices.

When WIRED reached out to Securam for comment, the company’s CEO, Chunlei Zhou, responded in a statement. “The specific ‘vulnerabilities’ alleged by Omo and Rowley are already well known to industry professionals and in fact, also affect other safe lock providers that use similar chips,” Zhou writes. “Delivering any attack based on these vulnerabilities does require specialized knowledge, skills, and equipment, and we have no record of any customer that has ever had even a single safe lock defeated through a use of this attack.”

Zhou’s statement goes on to point to other ways safes’ locks can be opened from drilling and cutting to the use of a locksmith device called a Little Black Box that exploits vulnerabilities in some brands of electronic safe locks.

Omo and Rowley respond that the vulnerabilities they found were not previously known to the public; one of the two does not require _any_ special equipment, despite Zhou’s claim; and none of the other techniques Zhou mentions represents as serious a security flaw as their findings about the Securam ProLogic locks. The brute-force safecracking methods Zhou points to, like cutting and drilling are far slower and less stealthy—or, like the Little Black Box, are available only to locksmiths and haven’t been publicly shown to be exploitable by unauthorized hackers.

Zhou added in his statement that Securam will be fixing the vulnerabilities Omo and Rowley found in future models of the ProLogic lock. “Customer security is our priority and we have begun the process of creating next-generation products to thwart these potential attacks,” he writes. “We expect to have new locks on the market by the end of the year.”

Photograph: Ronda Churchill

In a followup call, Securam director of sales Jeremy Brookes confirmed that Securam has no plan to fix the vulnerability in locks already in use on customers’ safes, but suggests safe owners who are concerned buy a new lock and replace the one on their safe. “We’re not going to be offering a firmware package that upgrades it,” Brookes says. “We’re going to offer them a new product.”

Brookes adds that he believes Omo and Rowley are “singling out” Securam with the intention of “discrediting” the company.

Omo responds that’s not at all their intent. “We’re trying to make the public aware of the vulnerabilities in one of the most popular safe locks on the market,” he says.

**A Senator’s Warning**

Beyond Liberty Safe, Securam ProLogic locks are used by a wide variety of safe manufacturers including Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe, according to Omo and Rowley’s research. The locks can also be found on safes used by CVS for storing narcotics and by multiple US restaurant chains for storing cash.

Rowley and Omo aren't the first to raise concerns about the security of Securam locks. In March of last year, US senator Ron Wyden wrote an open letter to Michael Casey, then director of the National Counterintelligence and Security Center, urging Casey to make clear to American businesses that safe locks made by Securam, which is owned by a Chinese parent company, have a manufacturer reset capability. That capability, Wyden wrote, could be used as a backdoor—a risk that had already led to Securam locks being prohibited for US government use like all other locks with a manufacturer reset, even as they're widely used by private US companies.

In response to learning about Rowley and Omo’s research, Wyden wrote in a statement to WIRED that the researchers’ findings represent exactly the risk of a backdoor—whether in safes or in encryption software—that he’s tried to call attention to.

“Experts have warned for years that backdoors will be exploited by our adversaries, yet instead of acting on my warnings and those of security experts, the government has left the American public vulnerable,” Wyden writes. “This is exactly why Congress must reject calls for new backdoors in encryption technology and fight all efforts by other governments, such as the UK, to force US companies to weaken their encryption to facilitate government surveillance.”

**ResetHeist**

Rowley and Omo’s research began with that same concern, that a largely undisclosed unlocking method in safes might represent a broader security risk. They initially went searching for the mechanism behind the Liberty Safe backdoor that had caused a backlash against the company in 2023, and found a relatively straightforward answer: Liberty Safe keeps a reset code for every safe and, in some cases, makes it available to US law enforcement.

Liberty Safe has since written on its website that it now requires a subpoena, a court order, or other compulsory legal process to hand over that master code, and will also delete its copy of the code at a safe owner’s request.

Rowley and Omo planned to reveal the existence of Securam’s vulnerabilities more than a year ago, but held off until now due to the company’s legal threats.Photograph: Ronda Churchill

Rowley and Omo didn't find any security flaw that would allow them to abuse that particular law-enforcement-friendly backdoor. When they started examining the Securam ProLogic lock, however, their research on the higher-end version of the two kinds of Securam lock used on Liberty Safe products revealed something more intriguing. The locks have a reset method documented in their manual, intended in theory for use by locksmiths helping safe owners who have forgotten their unlock code.

Enter a “recovery code” into the lock—set to “999999” by default—and it uses that value, another number stored in the lock called an encryption code, and a third, random variable to compute a code that's displayed on the screen. An authorized locksmith can then read that code to a Securam representative over the phone, who then uses that value and a secret algorithm to compute a reset code the locksmith can enter into the keypad to set a new unlock combination.

Omo and Rowley found that by analyzing the Securam ProLogic's firmware, however, they could find everything they needed to compute that reset code themselves. “There's no hardware security to speak of,” says Rowley. “So we could reverse engineer the whole secret algorithm just by reading the firmware that's in the lock.” The resulting safecracking method requires little more than punching a few numbers into a Python script they wrote. They call the technique ResetHeist.

The researchers note that safe owners can prevent this ResetHeist technique by changing their lock's recovery code or its encryption code. But Securam doesn't recommend that safeguard in any user documentation the researchers could find online, only in a manual for some manufacturers and locksmiths. In another Securam webinar Omo and Rowley found, Securam notes that you can change the codes, but that it’s not necessary, and that the codes are “usually never” changed. In every lock the researchers tested, including about a handful they bought used from eBay, the codes hadn't been changed. “We have not bought a lock on which the recovery method didn't work,” Omo says.

**CodeSnatch**

The second technique the researchers developed, which they call CodeSnatch, is more straightforward. By removing the battery from a Securam ProLogic lock and inserting a small handheld tool they made with a Raspberry Pi minicomputer into an exposed debug port inside, they can extract a “super code” combination from the lock that's displayed on their tool's screen and can be used to immediately open the lock.

The researchers found that CodeSnatch trick by reverse engineering the Renesas chip that serves as the lock's main processor. That task was made far easier by the work of a group called fail0verflow, which had published their analysis of the same Renesas chip as part of their efforts to crack the PlayStation 4, which also uses that processor. Omo and Rowley built their tool to reprogram the chip's firmware to dump all of its information via the debug port—including the encrypted “super code” and the key, also stored on the chip, that decrypts it. “It's really not that challenging,” says Rowley. “Our little tool does that, and then it tells you what the super code is.”

Gaining access to the lock's code via its debug port does require inputting a password. But Omo and Rowley say that password was absurdly simple, and they successfully guessed it. They found that in one newer Securam ProLogic lock manufactured in March of this year, Securam had changed the password, but they were able to learn it again by using a “voltage glitching” technique: By soldering a switch to the voltage regulator on the chip, they could mess with its electrical voltage at the exact moment it performed the password check to bypass that check and then dump the chip's contents—including the new password.

Photograph: Ronda Churchill

In addition to Securam, WIRED reached out to 10 safe manufacturers that appear to use Securam ProLogic locks on their safes, as well as CVS. Most didn’t respond, but a spokesperson for High Noble Safe Company wrote in a statement that WIRED’s inquiry was the first it was learning of Securam’s vulnerabilities, and that it’s now reviewing the security of the locks used by its product line and preparing guidance for customers including “additional physical security measures or potential replacement options.”

A Liberty Safe representative similarly noted the company wasn’t previously aware of Securam’s vulnerabilities. “We are currently investigating this issue with SecuRam and will do whatever it takes to protect our customers,” a statement from the spokesperson reads, “including validating other potential lock suppliers and developing a new proprietary lock system.”

A CVS spokesperson declined to comment on “specific security protocols or devices,” but wrote that “the safety of our employees and patients is a top priority and we are committed to maintaining the highest physical security standards.”

**“Safes That Aren’t Safe”**

Rowley and Omo say that patching Securam Locks' security flaws is possible—their own CodeSnatch tool, in fact, could itself be used to update the locks' firmware. But any such fix would have to be implemented manually, lock by lock, a slow and expensive process.

Although Omo and Rowley aren't releasing the full technical details or any proof-of-concept code for their techniques, they warn that others with less benevolent intentions could still figure out how to replicate their safecracking tricks. “If you have the hardware and you're skilled in the art, this would be roughly a one-week thing,” Omo says.

He and Rowley decided to go public with their research despite that risk to make safe owners aware that their locked metal boxes may not be as secure as they think. More broadly, Omo says that they wanted to call attention to the wide gaps in US cybersecurity standards for consumer products. Securam locks are certified by Underwriters Laboratory, he points out—yet suffered from critical security flaws that will be tough to fix. (Underwriters Laboratory did not immediately respond to WIRED’s request for comment.)

In the meantime, they say, safe owners should at least know about their safes' flaws—and not rely on a false sense of security.

“We want Securam to fix this, but more importantly we want people to know how bad this can be,” Omo says. “Electronic locks have electronics inside. And electronics are hard to secure.”

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds

A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them.

Top streaming services like Netflix and Disney+ have made sustained investments over the years to lock their content down. Whenever they can, they prevent users from accessing videos without a subscription or watching region-blocked content. New findings presented today at the Defcon security conference in Las Vegas, though, indicate that streaming platforms used for things like internal corporate broadcasts and sports livestreams can contain basic design flaws that allow anyone to access a vast swath of content without logging in.

Independent researcher Farzan Karimi first realized years ago that misconfigurations in application programming interfaces, or APIs, exposed streaming content to unauthorized access. In 2020 he disclosed a set of such flaws to Vimeo that could have allowed him to access close to 2,000 internal company meetings along with other types of livestreams. The company quickly fixed the issue at the time, but the finding left Karimi with concerns that similar problems could be lurking in other platforms.

Years later, he realized that by refining a technique for mapping how APIs retrieve data and interact, he could look for other vulnerable platforms. At Defcon, Karimi is presenting findings about current exposures in one mainstream sports streaming platform—he is not naming the site because the issues are not yet resolved—and releasing a tool to help others identify the problem in additional sites.

“For a company all hands or other sensitive meeting, there might be key internal information being shared—CEOs or other executives talking about layoffs or sensitive intellectual property,” Karimi told WIRED ahead of his conference talk. “You can see a bad pattern emerge in how easily you can circumvent authentication to access streams, but this class of issue was previously dismissed as requiring deep knowledge of a given business to identify.”

APIs are services that fetch and return data to whoever requests it. Karimi gives the example that you can search for the movie _Fight Club_ on a streaming platform, and the stream for the movie may come back with information about the length of the movie, trailers, actors in the movie, and other metadata. Multiple APIs work together to assemble all of this information with each fetching certain types of data. Similarly, if you search for Brad Pitt, a set of APIs will interact to deliver _Fight Club_ along with other movies he's starred in like _Troy_ and _Seven_. Some of these APIs are designed to require proof of authentication before they will return results, but if a system hasn't been scrutinized deeply, it is common for other APIs to blindly return data without requiring proof of authorization on the assumption that only an authenticated requestor will be in a position to send queries.

“Often there are basically four, five, some number of APIs that have all this metadata, and if you know how to trace through them, you can unlock paywalled content for free,” Karimi says. “It's a ‘security through obscurity’ model where they would never think that someone would be able to manually connect the dots between these APIs. The automation I’m introducing, though, helps find these authorization flaws quickly at scale.”

Karimi emphasizes that top streaming services are largely locked down and either corrected such API misconfigurations long ago or avoided them from the start. But he emphasizes that more utilitarian platforms for corporate streaming and other live events—including always-on cameras in sports arenas and other venues that are meant to only be accessible at certain times—are likely vulnerable and exposing video that is thought to be protected.

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign.
The activity involves the creation of lookalike sites imitating Brazil's State

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device.

A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device.

Photograph: Ronda Churchill

A couple of years ago, a curious, then-16-year-old hacker named Reynaldo Vasquez-Garcia was on his laptop at his Portland-area high school, seeing what computer systems he could connect to via the Wi-Fi—“using the school network as a lab,” as he puts it—when he spotted a handful of mysterious devices with the identifier “IPVideo Corporation.”

After a closer look and some googling, Garcia figured out that a company by that name was a subsidiary of Motorola, and the devices he’d found in his school seemed to be something called the Halo 3C, a “smart” smoke and vape detection gadget. “They look just like smoke detectors, but they have a whole bunch of features like sensors and stuff,” Garcia says.

As he read more, he was intrigued to learn that the Halo 3C goes beyond detecting smoke and vaping—including a distinct feature for discerning THC vaping in particular. It also has a microphone for listening out for “aggression,” gunshots, and keywords such as someone calling for help, a feature that to Vasquez-Garcia immediately raised concerns of more intrusive surveillance.

Now, after months of reverse engineering and security testing, Vasquez-Garcia and a fellow hacker he’s partnered with who goes by the pseudonym “Nyx,” have shown that it’s possible to hack one of those Halo 3C gadgets—which they’ve taken to calling by the nickname “snitch puck”—and take full control of it.

Reynaldo Vasquez-Garcia and Nyx in Las Vegas, NV on August 8, 2025.Photograph: Ronda Churchill

At the Defcon hacker conference today, they plan to show that by exploiting just a few relatively simple security vulnerabilities, any hacker on the same network could have hijacked a Halo 3C to turn it into a real-time audio eavesdropping bug, disabled its detection capabilities, created fake alerts for vaping or gunshots, or even played whatever sound or audio they chose out of the device’s speaker. Motorola said it has since developed a firmware update to address those security flaws that will automatically push to cloud-connected devices by Friday.

Many of the hackers’ tricks are on display in a video demo below, which the Vasquez-Garcia and Nyx made ahead of their Defcon presentation:

The Halo 3C’s vulnerabilities would have potentially allowed a teen hacker on a school network to take control of a Halo 3C for epic mischief or abuse. The sensor’s capabilities also ignite fears that school administrators or even police could have done the same to eavesdrop on unsuspecting students in a school bathroom. Schools are increasingly subject to all sorts of surveillance technology, from AI-powered weapons detectors, to “face analytics” cameras, to keystroke loggers on student computers.

One concern of the researchers is that technology like the Halo 3C could be turned against a student speaking about seeking an abortion, for instance. In marketing material, Motorola says the Halo 3C sensor “is ideal for observing health and safety in privacy-concern areas, such as restrooms and changing facilities, where video and audio recording is not permitted.” (Motorola said that the sensor is programmed with wake words, such as “Help, 911,” and does not record or stream audio.)

“To the credit of the company, the microphones sound great,” says Nyx. “From up on the ceiling, you could totally listen to what somebody was saying, and we’ve made this happen.”

Photograph: Ronda Churchill

Motorola told the hackers in an email that it has worked on a new firmware update that should fix the vulnerabilities. But the hackers argue that doesn’t, and can’t, address the underlying concern: that a gadget loaded with hidden microphones is installed in schools around the country. Motorola also advertises its Halo sensors for use in public housing—including inside residents’ homes—according to marketing material.

“The unfortunate reality is there's a microphone connected to a computer that's connected to the network,” says Nyx. “And there's no software patching that will make that not possible to use as a listening device.”

Motorola pitches the Halo 3C as an “all-in-one intelligent security device” in its marketing material. Its notifications “enable security teams at schools, hospitals, retail stores and more to respond to potentially critical events faster, helping to establish a safer environment,” it says.

A disassembled Halo 3C smoke and vape detector found to include microphones.

Courtesy of Reynaldo Vasquez-Garcia and Nyx

After Vasquez-Garcia got curious about the Halo 3C two years ago, he and Nyx—an older hacker he met at his local hackerspace—bought one on eBay and took it apart. Their physical teardown revealed the Halo 3C is essentially a Raspberry Pi micro computer with a bunch of sensors attached, including one for temperature or humidity, an accelerometer, and others for air quality that detect different gases. One feature jumped out: a couple of microphones.

“Seeing this device is getting put into buildings and having microphones in it,” says Nyx, “it’s kind of a huge red flag.”

To hack the Halo 3C, they found that if they could connect to one over the network it was installed on, they could brute-force guess its password with virtually no rate limitations due to a flaw in how it tried to throttle those guesses. “It’s trivially possible to guess passwords as quickly as the thing can respond to you,” says Nyx. That meant they could guess roughly 3,000 passwords a minute, and crack any insufficiently complex password relatively quickly.

Once they had administrator access to a Halo 3C, they found they could update its firmware to whatever they chose: Despite its security measures that attempted to require those firmware updates to be encrypted with a certain cryptographic key, that key was in fact included in firmware updates available on the Halo’s website. “They're handing you a locked box where the key is taped to the underside,” Nyx says. “As long as you know to look down there, you can open it up.”

Photograph: Ronda Churchill

A Motorola Solutions spokesperson said in a statement: “Motorola Solutions designs, develops and deploys our products to prioritize data security and protect the confidentiality, integrity and availability of data. A firmware update is available, and we are working with our customers and channel partners to deploy the update together with our additional recommendations and industry best practices for security.”

Marketing material available online says the Halo 3C uses a “Dynamic Vape Detection algorithm” which can sense nicotine, THC, and when someone is trying to mask their vaping with aerosols. Halo can also “alert security teams to motion after hours” and includes a “spoken keyword feature.”

Photograph: Ronda Churchill

“The HALO Smart Sensor can detect specific spoken keywords that immediately alert security to a potential issue. Pre-defined keywords like ‘help’ are particularly valuable in environments such as schools, where bullying is a concern, or for teachers in need of assistance, as well as nurses and hospital patients,” the marketing material adds. Another section says the sensors can be used to detect “bullying or aggression” in schools.

The marketing material also says Halo sensors have been used in public housing units in New York. “The sensors helped SSHA \[the Saratoga Springs Housing Authority\] reduce risks, enforce nonsmoking rules, and protect vulnerable residents, with plans for further installations across the housing authority,” it says.

Nyx argues that the notion of requiring public housing residents to keep a hackable device that can become an audio eavesdropping tool in their apartment may represent the most disturbing application of the Halo 3C. “That kind of took it up a notch as far as how egregious this entire product line is,” Nyx says. “Most people have an expectation that their home isn’t bugged, right?”

As sensors like the Halo 3C proliferate across schools and even homes, Vasquez-Garcia says the biggest takeaway from his and Nyx’s findings ought to be that putting microphones and internet connections into every device in our lives as simple as a smoke detector is a decision that carries real risk. “If people remember one thing from this, it should be: Don’t blindly trust every internet of things device just because it claims to be for safety,” Vasquez-Garcia says. “The real issue is trust. The more we accept devices that say 'not recording' at face value, the more we normalize surveillance without really knowing what's inside or bothering to question it.”

Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books _Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency_ and _Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers_. His books ... Read More

Joseph Cox is an award-winning investigative journalist focused on generating impact. His work has triggered hundreds of millions of dollars worth of fines, shut down tech companies, and much more. ... Read More

Tag

#intel