The Weekly Weird #24
OpenAI releases GPT-4o, Google doubles down on dystopia, hacker tracking attack is whack, deepfakes beat ID verification, trouble in New Caledonia, Pope talks aliens
The sun is shining, the sky is blue, spring has sprung, and we’re back for another Weekly Weird!
Greetings to our new followers and subscribers - make sure you check out past Weirds and episodes of the podcast, especially our last episode (#113), the life story of former journalist Carol Cohn growing up under Communism in Romania and escaping to the West.
Well, what’s been bubbling up from the peat bog of dystopian doings this week?
Let’s take a look!
OpenAI Releases GPT-4o
OpenAI, the Cyberdyne Systems of our time, has just launched its newest iteration of Chat-GPT.
In a flurry of videos, the company developing our future global overlord demonstrated the new capabilities of GPT-4o, and, well, oh my.
Here’s the presenter demonstrating GPT-4o’s realtime conversational speech:
Strong Her vibes for sure.
Marvel at the implications of a scruffy dude being told how to present himself better by his phone:
Remember the digital therapy session from the film Demolition Man?
The looming destroyer of worlds also doubles as a maths tutor:
And a realtime translator:
They even get two phones and have it speak to itself…or is it two AIs if it’s the same AI on two phones with two voices?
It even knows how to gush condescendingly to dogs. And let’s not forget the peak-weird Majestic Potato lullaby…
You can explore the whole playlist on OpenAI’s YouTube channel here, and there’s a detailed YouTube tutorial on how to use it (with a paid account) here.
Now just imagine that someone integrates GPT-4o into one of these fully articulated robots.
Sweet dreams.
Google Doubles Down On Dystopia
At a Google I/O keynote address, CEO Sundar Pichai and a host of his fellow nerds emerged blinking into daylight from their climate-controlled offices to declare the birth of their answer to GPT-4o: Gemini 1.5 Pro.
A helpful YouTuber put together a supercut of the session, which both condenses it to a manageable length and has the unintended consequence of making it even creepier because the edits cross ripples of laughter, cheers, and applause that gives the whole thing a more disorienting and staged feel.
The big deal is “multimodal” AI, or, in normal language, an AI that can use a device’s microphone and camera to ‘see’ and ‘hear’.
In this section, they demonstrate what that means in practice. Make sure you watch through to the bit where she swaps her phone for a pair of smart glasses.
They then get extra-happy about how they have integrated their AI into all Android phones, meaning that every smartphone running Google’s operating system has its own on-device foundation model.
“This lets us bring Gemini goodness from the data centre right into your pocket.”
Hmm, you can almost taste the lack of consent on the winds of change blowing through the tech industry.
A new feature is then demonstrated: Google’s on-phone AI will protect you from scams by flagging risky texts or phone calls in realtime to warn you if they sound dodgy. How will it do that? Well, by listening to your phone calls to protect you, of course. But don’t worry, the presenter says that “everything happens right on my phone so the audio processing stays completely private to me and on my device.”
If Google tell you they care about your privacy, obviously we should take that at face value, right? It’s not like they have a long track record of privacy violations, data mishandling, data loss through hacking, and getting sued for tracking customer usage that was meant to be private.
Hacker Tracking Attack Is Whack
A CISA1 official has come forward with confirmation that hackers successfully penetrated communications systems in the United States and accessed user location data, according to 404 Media.
The comments from the Cybersecurity & Infrastructure Security Agency (CISA) official are highly unusual in that they provide an unvarnished assessment of the threat posed by such attacks on U.S. telecommunication networks, acknowledge that these attacks have happened recently even after the country’s telecoms—including AT&T, Verizon, and T-Mobile—claim they have better secured their networks, and that the official decided to speak out publicly seemingly without his agency’s approval.
The vulnerability is in something called SS7.
SS7 is a network and protocol that is used to route messages when a consumer roams outside of their normal provider’s coverage area. It is also exploited by spy firms, governments, and criminals to track phones’ physical locations, and intercept phone calls and text messages. Diameter is something of an efficiency upgrade to SS7, but which can still be leveraged in similar ways to track targets.
Broadly, the way malicious parties such as spy firms gain access to SS7 is through legitimate telecommunications companies or by operating their own. From here, they lease access to a Global Title, which is essentially an address to route messages with. Armed with this access and a target’s phone number, an attacker then may then be able to track the victim.
The CISA official, Kevin Briggs, was quoted in an FCC report in response to direct questions about unauthorised accessing of user location data and other vulnerabilities.
I believe there have been numerous incidents of successful, unauthorized attempts to access the network user location data of communications service providers operating in the USA using SS7 and/or Diameter exploits.
[…]
I have also seen very concerning information that describes how in May of 2022, several thousand Global Opcode violations were detected, which potentially masked a range of attacks.
After giving specific examples of attacks, he described them as “just the tip of the proverbial iceberg.”
He then went on:
I have seen what appears to be reliable information related to numerous other exploits based on SS7 and Diameter that go beyond location tracking. Some of these involve issues like (1) the monitoring of voice and text messages, (2) the delivery of spyware to targeted devices, and (3) the influencing of U.S. voters by overseas countries using text messages.
It’s not clear how it is possible to measure the influence on US voters of text messages from overseas, since voting is done anonymously and a lot goes into how people make up their minds. There may be a measurable volume of foreign propaganda, but gauging its impact seems nebulous at best and potentially a spurious argument in support of a power-grab by an agency considered to be at the centre of the Censorship-Industrial Complex.
From 404 Media again:
In response to a question about a Chinese espionage operation from the audience, Briggs said during his talk on 5G security that “The biggest subscriber-shipped [subscribership] network in the world isn't the Internet. The biggest one is the com networks, the SS7 networks, the Diameter.”
“When you add up all the subscribers there, we've got them beat by billions, and we need to bring in the same cyber controls, end-to-end,” he said, before adding on the need to bring more of the security controls around the internet to telecoms.
“If we don’t up our game there, we introduce huge vulnerability,” he concluded.
Is the solution “to bring more of the security controls around the internet to telecoms”? Or is that just what a government agency wants, for its own ends?
Whatever it is, Shaq is right…
Deepfakes Beat ID Verification
The drumbeat of digital ID roll-out worldwide, coupled with voter ID laws, biometric voter registration, calls for identity verification for social media users, and the dark cloud of fully digitised money on the horizon (CBDCs, I’m looking at you), makes the prospect of fraud in such an environment serious bordering on existential.
This week, Biometric Update covered a new whitepaper by Consult Hyperion that highlights the key differences between photographic and cryptographic identity verification. As they put it, “Identity Document Verification solutions…that rely solely on capturing and analysing an image or video taken of a physical document” are more susceptible to “deepfake injection attacks.’
With advances in AI, it is increasingly easy to generate authentic looking fake images or videos.
The cryptographic method, “whereby data is read from a secure chip embedded in a passport”, is “practically impossible” to fake.
Whilst no security control is 100% guaranteed, cryptographic and chip technology is highly resistant to attack – which is why it is employed across the card payments sector.
In short, “the cryptographic method is far superior from a security perspective”.
As you may have noticed, most of the identity verification that you encounter uses the photographic method, presumably because it is faster, cheaper, simpler, and easier to outsource to a third-party provider than the alternative. That also makes it more hackable.
Using the machine-readable part of your passport and NFC on your phone to pin your verification to the physical document would be more secure but doesn’t seem to have received the same focus from authorities or service providers.
The result is that we are increasingly required to participate in a digital identity system which most commonly uses the less secure method for verifying our documents. The worst of both worlds: You have to use it, and it is less secure than it could/should be.
Sidebar: What the hell is a ‘deepfake’ anyway?
With the word ‘deepfake’ getting bandied about, it might be worth checking out at least the first five minutes of this great video by Mike Boyd charting his learning curve as he tries to make a series of deepfakes.
Quick Fire Round
Trouble In New Caledonia: Riots and street violence have overtaken the island archipelago of New Caledonia, which is still governed by France for reasons that definitely have nothing to do with it being the world’s fourth largest source of nickel.
From the South China Morning Post:
France declared a state of emergency and banned the TikTok short-video app on the Pacific island of New Caledonia on Wednesday after three young indigenous Kanak and a police official were killed in riots over electoral reform.
The state of emergency, which entered into force at 5am local time,, gives authorities additional powers to ban gatherings and forbid people from moving around the French-ruled island.
The plot thickened, as reported by Politico, when the French Interior Minister blamed the unrest on…Azerbaijan?
French Interior Minister Gérald Darmanin said that the violence, which has claimed the lives of three indigenous Kanak people and a police officer, had been actively supported by Azerbaijan.
“This isn’t a fantasy,” he insisted on Thursday. “I regret that some of the separatists have made a deal with Azerbaijan.”
“This isn’t a fantasy” is rarely something you hear at the beginning of a convincing statement. The complaint was elucidated by “a French intelligence official” who blamed Russia and Azerbaijan for faux news: “They’re pushing the narrative of France being a colonialist state.”
Since France took possession of New Caledonia in 1853 and has governed it ever since despite being nowhere near it, it’s not the most outlandish claim. That said, there have been multiple referenda to decide whether to declare independence from France, with the vote repeatedly going against independence. Now it’s the attempt to reform voter eligibility rules that has kicked off the current violence.
As per Yahoo! News:
New Caledonia’s voter lists have not been updated since 1998 – meaning that island residents who have arrived from mainland France or elsewhere anytime in the past 25 years do not have the right to take part in provincial polls.
The French government has branded the exclusion of one out of five people from voting as “absurd”, while separatists fear that expanding voter lists would benefit pro-France politicians and “further minimise the Indigenous Kanak people”.
So is more people voting the threat to democracy? Or is preventing people from having a vote a threat to democracy? It’s hard to keep track sometimes.
Pope Talks Aliens: Britain’s most boobular tabloid, the Daily Star, dropped a fabulous headline that says it all: Pope to hold press conference on aliens and the supernatural – and people are confused.
According to a notice on the Vatican's website, it will kick of [sic] at noon tomorrow, and will feature three prominent Vatican members.
Being held to “present the new provisions of the Dicastery for the Doctrine of the Faith for discerning between apparitions and other supernatural phenomena,” it will be led by Cardinal Victor Manuel Fernandex [sic], Messenger Armando Matteo and Daniela Del Gaudio.
[…]
The press conference is will see [sic] new guidelines launched on how the Vatican will deal with aliens and phenomena created by them – or alleged aliens etc.
The Popemobile rolling up to the gangway of a just-landed alien spacecraft in St. Peter’s Square would be epic. Let’s hope our prayers are answered.
That’s it for this week’s Weird, everyone. Thank you as always for taking the time to read through, and please do let me know what you think.
Outro music is You Could Be Mine by Guns ‘n’ Roses. The music video was made to coincide with the release of Terminator 2: Judgment Day and is therefore relevant to the journey we’ve been on together. Also, it rocks.
Cybersecurity & Infrastructure Security Agency. Why use the word ‘security’ twice? Bureaucracy at its finest/worst.
As the World Turns…who would have thought 4+ years ago we would need a Substack called “The Weekly Weird”?!? 😂🤣 There’s just no escape from the weird, ridiculous, outrageous, and at times utterly terrifying events that keep unfolding into oblivion like a slinky on a never ending set of stairs. I keep waiting on the bottom but after the ridiculous “King” Charles unveiled himself as bloody satan in his official painting I believe the bottom is a very long way down…
Thanks for your stack 🥳and keeping up with the weirdness because it is a subject with a lot of material from which to choose. 😖