Ex-Apple Employee Steals Source Code (Plus OpenAI CEO’s Congressional Hearing) | May 18th, 2023

Today In Tech News:

  1. Apple Car System – Stolen Trade Secrets
  2. OpenAI CEO’s Congressional Hearing
  3. Google Plans To Delete Inactive Accounts
  4. Hardware Hack: Wemo Mini Smart Plug

Apple Car System – Stolen Trade Secrets

The United States is suing an ex-Apple employee for six counts of trade secret theft allegedly committed in 2016.

Weibao Wang was a member of the team responsible for developing algorithms for annotating real-world objects for the Apple Car system. 

He had broad access to the team’s databases and is accused of stealing Apple’s entire autonomy source code as well as hardware and systems information.

Before getting access, Wang had to sign confidentiality and Intellectual Property Agreements as well as attended Apple’s secrecy training.

Wang resigned in 2018 and relocated to Guangzhou China before US officials could get him.

Wang is one of three ex-Apple employees accused of trade secret theft around the Apple Car systems.

Xiaolang Zhang pled guilty as part of a plea and Jizhong Chen pled not guilty.

If Wang is extradited and convicted, he could receive up to 60 years behind bars.

Sources:

OpenAI CEO’s Congressional Hearing

OpenAI CEO Sam Altman expressed both positive visions and harrowing realities of what AI could do in a congressional hearing Wednesday, May 16th.

Lawmakers held the hearing to discuss the future of AI and the potential regulation of future implementations.

The hearing, unlike others regarding AI, was met with bipartisan support and focused on listening to what Mr. Altman’s opinions and predictions were regarding regulating the technology as the US is currently behind both the EU and China in implementing restrictions.

One point that all parties agreed on was Section 230, a law that protects social media companies from liability for their users’ content, does not apply to AI models.  This means AI model owners can be sued for something a user on their platform has trained the model to do.

Two of Mr. Altman’s regulation ideas are a government agency responsible for oversight and licensing for organizations working on advanced AI models as well as an international regulation committee, much like the International Atomic Energy Agency (IAEA) today.

Congress members compared the current AI boom to the first cellphone, the internet, the industrial revolution, the printing press, and most hauntingly the atomic bomb.

Sources:

Google Plans To Delete Inactive Accounts

Google is going to begin deleting abandoned accounts starting as soon as December.

The company is implementing a phased approach, so starting this year they will be focussing on accounts that were created and never used.

The account service will send notifications to both the account email and recovery email months before deletion occurs.

The following actions will keep your account active

  • Reading or sending an email
  • Using Google Drive
  • Watching a YouTube video
  • Downloading an app on the Google Play Store
  • Using Google Search while logged in
  • Using your Google account to sign in to a third-party app or service

Accounts associated with subscriptions like Google One, News providers, or app logins are not considered inactive. 

To back up your account data, you can use Google’s Takeout service to export and download your data.

You can find a link to the Google blog in our sources below. 

Sources:

Hardware Hack: Wemo Mini Smart Plug

In security news a hardware hack discovered in January has come to light as the Wemo Mini Smart Plug v2 has been cracked.

The team at Sternum, an IoT security company, found a “FriendlyName” vulnerability with the plug that can lead to a Command and Control attack.

The name comes from the editable name field of the device as the attack vector starts with a buffer overflow when assigning a name over 30 characters to the device.

Sternum informed Belkin about the exploit in January but the company has since declared the product’s end-of-life meaning there are no plans to patch the vulnerability.

You can mitigate your risk by

  • Not exposing the device’s UPNP port to the internet, including port-forwarding
  • Making sure any devices on the shared network aren’t sensitive

The most secure path is using another smart plug without unpatched vulnerabilities.

Sources:

What Are Your Thoughts?

  • What story did you find the most interesting this week? 
  • Do you think Google cleaning old accounts is going to set a new standard?
  • How many licks does it take to get to the center of a tootsie pop? 

Let us know your thoughts in the comments at the bottom of the page!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *