AI toys for kids talk about sex, drugs and Chinese advertising

Like two people It appears to be linked to China’s notorious Salt Typhoon espionage hacking group, having previously trained through the prestigious and long-standing Cisco Network Academy. Meanwhile, warnings from US lawmakers in Congress are increasingly emerging that safeguards against broad US wiretapping powers are failing, allowing US intelligence agencies to access more Americans’ information without sufficient restrictions.

If you’re having trouble keeping track of all the news and data released about notorious sex offender Jeffrey Epstein, WIRED this week published a guide to the release of the Epstein documents and their content, as well as soon-to-be-released documents.

Doxxers are successful in tricking large tech companies into sharing their users’ sensitive and private data by impersonating law enforcement with fake email addresses and fake documents. And South Korean cryptocurrency mogul Do Kwon, who founded Terraform Labs, was sentenced Thursday in the Southern District of New York to 15 years in prison for lying about “experimental” cryptocurrencies that resulted in $40 billion in losses.

But wait, there’s more! Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe there

Of course, toy makers are embedding large-scale language models and artificial intelligence into beautiful toys designed for children. The idea is that kids can chat with their toys, and they actually do – but it’s not quite that simple. This week, NBC News and researchers from the Public Interest Research Group revealed new findings showing that numerous toys connected to artificial intelligence — including popular toys sold to Americans this holiday season — are talking about explicit sex, drugs and Chinese government propaganda.

The five toys tested, which included a talking sunflower and an intelligent rabbit, gave alarming responses when asked about sensitive topics, indicating a lack of safeguards or that their systems could be easily bypassed. One of the toys answered how to light matches and sharpen knives. Meanwhile, the clever bunny said that a leather whip is ideal for use during ‘bump play’. Asked why Chinese President Xi Jinping looked like Winnie the Pooh, another toy said: “Your words are very inappropriate and disrespectful. Such malicious comments are unacceptable.” In 2018, the Chinese government banned Winnie the Pooh after people compared Xi to a chubby cartoon bear.

The number of people traveling to the United States has fallen sharply this year, while those who continue to do so have faced record levels of phone searches at the border. Now, a new regulatory proposal from U.S. Customs and Border Protection could require tourists to submit up to five years of their social media history to enter the country. A proposal in the Federal Register says people traveling under the ESTA visa waiver program — which includes many closely allied countries such as the U.K., Australia, New Zealand and dozens of other countries — says social media data should be a “mandatory part of the application process.” The proposal also suggests collecting a host of other sensitive data, including personal and workplace information from the past 10 years, biometric information, and names and addresses of family members.

Park Dae-joon, the CEO of South Korean online retailer Coupang Corp, resigned this week following a data breach involving about 34 million customers. In a statement, Park said it was “deeply sorry for disappointing” members of the public. “I feel a deep sense of responsibility for the outbreak and the subsequent recovery process and have decided to step down from all positions,” he said in a statement. Earlier, the police raided the offices of this company after leaking information. While it’s still relatively rare for CEOs to face direct liability for security or data breaches at their jobs, Park’s departure is not unique to South Korea. Following a wave of hacks, the country’s two telecommunications companies, SK Telecom and KT Corp, are also changing their top managers. Three of South Korea’s major telecommunications companies have reported data breaches in recent months, which are expected to cause significant financial losses.

An Atlanta man, Samuel Tunick, has been arrested and charged with allegedly deleting data from a Google Pixel smartphone before being searched by US Customs and Border Protection. 404 Media reported the situation using court documents and social media posts about the arrest of Tunick, who identifies himself on social media as a local activist. Details about the motive for the search remain unclear, but the situation is significant because it is unusual in the United States for charges to be related to a common activity such as wiping or modifying a personal device.