Your Toyota is watching you. Hackers might be, too. TikTok isn't helping.

Hi, Friends —

✰ Welcome to [our digital disco]! Today we’re diving into security’s heavy-hitting news — and why it matters to you. Keep scrolling for this week’s key themes in tech and other misc. thoughts (Snack Time). You can also check out my last newsletter on London Tech Week here.

☞ We’ve arrived at the era of auto[mobile] surveillance.

Modern cars are capable of collecting vast amounts of data about drivers, including driver behavior, biometrics, location, data from synced phones, and user identities. An analysis of 10 popular cars in the US shows that significant amounts of data are actively being collected, with some estimates suggesting that cars can produce 25 gigabytes of data per hour. (For reference, that’s roughly the equivalent of 16.9 billion pages of text.) The privacy policies of manufacturers vary, making it challenging for drivers to understand what data is being collected and why. For example, Toyota uses facial recognition technology to verify drivers' identities, while Honda collects personal information such as names, addresses, and Social Security numbers.

• Why does it matter? While some manufacturers may collect data for research or product development, others may use it for personalizing marketing. The data also isn’t necessarily safe. We’ve been seeing an increase in car hacking — digital keys, for example, are vulnerable to hacking tools that can unlock and start smart cars. (Check out the next section to see how hackers are doing it.) In an era in which a social media trend (e.g., the TikTok Kia Challenge) can democratize unlocking certain car models, there is considerable reason to worry about the safety of your car and the data it’s stockpiling.

• Pros: The variety of data collected can serve many, potentially life-saving functions. For example, driving behavior and biometric information can be used to improve and personalize safety features in vehicles; analyzing driving patterns can help detect signs of fatigue or distraction, and trigger alerts or interventions that prevent accidents. Situational data can provide valuable insights into the circumstances surrounding accidents and road design. The data collected from vehicles can be used to monitor the health and performance of various components, help manufacturers identify maintenance issues before they lead to mechanical failures, and reduce the risk of accidents caused by faulty vehicles.

• Cons: With modern cars functioning as "smartphones on wheels," the wealth of sensitive data they collect can be susceptible to breaches or unauthorized access — compromising drivers' privacy and potentially leading to identity theft or other forms of cybercrime. Moreover, the data collected by vehicles can be sold to data brokers, creating a shadowy industry that profits from individuals' personal information by trading this data. (More on data brokerage in a future post.) This means that your driving habits, routes, and other personal data could be sold and used without your knowledge or consent.

☞ Flipper Zero is gamifying cybersecurity.

Flipper Zero, a $169 open-source hacking tool, is making headlines with projected sales of $80M. This portable gamified tool offers the ability to manipulate wireless devices, RFID card systems, remote keyless systems, and more, allowing users to emulate different lock systems. The Flipper Zero showcases the insecurity of our surroundings, which could be the nudge necessary for corporations to strengthen vulnerable systems. It serves as a wake-up call to the security weaknesses that permeate our daily lives. Yet concerns arise regarding the potential misuse of over 300K hacking devices, which can be leveraged for nefarious intent — such as manipulating car keys and gate openers.

• Why does it matter? The Flipper Zero is just one of many hacking tools in a growing market. Backed by the ‘ethical hacking’ school of thought, creators promote hacking tools as necessary to strengthen systems and prevent larger-scale cybercrime. The assumption, however, lies in the word ‘ethical.’ We need to trust that users won’t deploy these tools at the expense of innocent people. The responsible handling of hacking tools is paramount, emphasizing the importance of cybersecurity awareness and education to safeguard our privacy and safety.

• Pros: The good news? A fair quantity of Flipper Zero’s more-concerning abilities are nonsense. TikTok is loaded with misinformation about the abilities of Flipper Zero, such as manipulating your local burger joint displays. Second, fake news (and novice hacker goals) aside, The Flipper Zero can be an excellent tool for learning — and could be thought of as the modern-day “spy kit” that gets young people interested in a new industry. Users can explore topics such as GitHub, firmware installation, hardware flashing, networking protocols, and wireless technologies. Given the growing demand for skilled professionals in cybersecurity, this learning experience is particularly valuable for young people, helping increase interest in security and address the industry's needs.

• Cons: The Flipper Zero raises numerous risks for malicious and illegal use. The device can manipulate various wireless systems and lock mechanisms, which raises the risk of unauthorized access to sensitive areas or devices. This could lead to breaches of privacy, theft, or other malicious activities. The ability to capture and emulate signals, such as car key signals or gate openers, poses a risk of signal interception. Attackers could potentially capture and exploit these signals to gain unauthorized access to vehicles, buildings, or other secured areas.

☞ TikTok's new feature leaves room for improvement.

TikTok's newest feature, the TikTok Creative Challenge, offers creators a chance to earn money through brand collaborations. The challenge allows brands to connect with a diverse pool of creators, enabling them to reach wider audiences and gain brand exposure. Creators can browse brand ad postings, submit their own video ads, and get revisions and approval.

• Pros: In terms of safety, the Creative Challenge feature may provide certain safeguards. A structured framework for brand collaborations could potentially protect users from unscrupulous brands or fraudulent campaigns by helping them represent more reputable brands. The submission and approval process for ads can also incentivize creators to create within safer guardrails, and help prevent the dissemination of harmful or inappropriate content. The feature may also be especially beneficial for aspiring influencers or content creators looking to build their careers and establish themselves in the industry.

• Cons: The TikTok Creative Challenge feature amplifies certain risks within the TikTok ecosystem. Users may be susceptible to manipulation by brands seeking to exploit them. There’s also a concern that brands themselves could be hacked, leading to misleading instructions or the spread of misinformation through the TikTok’s amplified reach. Scam or malicious campaigns could convince users to engage in dangerous activities because they consider the brands to be credible or low-risk. For those trying to operate their businesses on TikTok, the Challenge raises additional flags. Payment depends on metrics like video views and conversions, making earnings uncertain. The ad duration is undisclosed, worrying influencers who might miss out on income as they gain popularity.

Snacktime

📓 Reading: Matt Taibbi’s The Elite War on Free Thought. He argues that today’s censorship is most visible online…“an Internet-age approach to political control that uses brute digital force to alter reality itself.” Taibbi compares the erosion of public (and private) discourse to George Orwell’s 1984 — that by losing the nuance in conversations, we lose the ability to make real progress or collaborate across groups. “In fact, after enough time online, users will lose both the knowledge and the vocabulary they would need to even have politically dangerous thoughts.” It’s a provocative take on the evolution of language, and how our increase in digital consumption might leave little room for critical thought.

♬ Listening to: little luna’s tunnel.

✰ Thinking about: The stories we tell ourselves — and the ones we might not want to take to our graves.

✿ As always — any and all feedback is welcome! In the meantime, give someone a hug and say an ‘I love you’ this week. Make the world a little happier.