Connect with us

Technology

The US government says a vulnerability in the Chirp Systems app allows anyone to remotely control smart home locks

Published

on

A flaw in a smart access control system used in hundreds of U.S. rental homes allows anyone to remotely control any lock in the affected home. However, Chirp Systems, which produces the system, ignored requests to fix the fault.

The US cybersecurity agency CISA followed a safety advisory was made publicly available last week claiming that Chirp-developed phone apps that residents use as an alternative of a key to access their homes “improperly store” hard-coded credentials that might be used to remotely control any Chirp-compatible smart lock.

Applications that use passwords stored in the source code, called hardcoded credentials, pose a security risk because anyone can extract these credentials and use them to perform actions that impersonate the application. In this case, the credentials allowed anyone to remotely lock or unlock a door lock connected to Chirp over the Internet.

Advertisement

In its advisory, CISA said that a successful exploitation of the vulnerability “could allow an attacker to gain control and gain unrestricted physical access” to smart locks connected to the Chirp smart home system. The Cybersecurity Agency gave the vulnerability a severity rating of 9.1 out of a maximum of 10 for its “low attack complexity” and distant exploitability.

The cybersecurity agency said Chirp Systems didn’t respond to either CISA or the researcher who discovered the vulnerability.

said security researcher Matt Brown veteran security journalist Brian Krebs that it notified Chirp of a security issue in March 2021, but the vulnerability stays unpatched.

Chirp Systems is one among a growing variety of real estate technology firms providing rental giants with keyless access control that integrates with smart home technologies. Rental firms are increasingly forcing tenants to allow the installation of smart home equipment in accordance with their lease agreements, nevertheless it is at best unclear who takes responsibility or is held accountable when security issues arise.

Advertisement

Property and rental giant Camden Property Trust signed a deal to introduce Chirp-connected smart locks in 2020 over 50,000 premises in over a hundred facilities. It is unclear whether affected facilities, equivalent to Camden, are aware of the vulnerability or have taken motion. Kim Callahan, a spokesman for Camden, didn’t respond to a request for comment.

Chirp was acquired by property management software giant RealPage in 2020, and RealPage was acquired by private equity giant Thoma Bravo later that 12 months in a deal valued at $10.2 billion. RealPage stands several legal challenges following the allegations, rent-setting software uses secret and proprietary algorithms to help landlords raise the highest possible rents for tenants.

Neither RealPage nor Thoma Bravo have yet confirmed vulnerabilities in the acquired software or said whether or not they plan to notify affected residents of the security risk.

Jennifer Bowcock, a spokeswoman for RealPage, didn’t respond to requests for comment from TechCrunch. Megan Frank, a spokeswoman for Thoma Bravo, also didn’t respond to requests for comment.

Advertisement

This article was originally published on : techcrunch.com

Technology

One of the last AI Google models is worse in terms of safety

Published

on

By

The Google Gemini generative AI logo on a smartphone.

The recently released Google AI model is worse in some security tests than its predecessor, in line with the company’s internal comparative test.

IN Technical report Google, published this week, reveals that his Flash Gemini 2.5 model is more likely that he generates a text that violates its security guidelines than Gemini 2.0 Flash. In two indicators “text security for text” and “image security to the text”, Flash Gemini 2.5 will withdraw 4.1% and 9.6% respectively.

Text safety for the text measures how often the model violates Google guidelines, making an allowance for the prompt, while image security to the text assesses how close the model adheres to those boundaries after displaying the monitors using the image. Both tests are automated, not supervised by man.

Advertisement

In an e-mail, Google spokesman confirmed that Gemini 2.5 Flash “performs worse in terms of text safety for text and image.”

These surprising comparative results appear when AI is passing in order that their models are more acceptable – in other words, less often refuse to answer controversial or sensitive. In the case of the latest Llam Meta models, he said that he fought models in order to not support “some views on others” and answers to more “debated” political hints. Opeli said at the starting of this yr that he would improve future models, in order to not adopt an editorial attitude and offers many prospects on controversial topics.

Sometimes these efforts were refundable. TechCrunch announced on Monday that the default CHATGPT OPENAI power supply model allowed juvenile to generate erotic conversations. Opeli blamed his behavior for a “mistake”.

According to Google Technical Report, Gemini 2.5 Flash, which is still in view, follows instructions more faithfully than Gemini 2.0 Flash, including instructions exceeding problematic lines. The company claims that regression might be partially attributed to false positives, but in addition admits that Gemini 2.5 Flash sometimes generates “content of violation” when it is clearly asked.

Advertisement

TechCrunch event

Berkeley, California
|.
June 5

Book now

Advertisement

“Of course, there is a tension between (after instructions) on sensitive topics and violations of security policy, which is reflected in our assessment,” we read in the report.

The results from Meepmap, reference, which can examine how models react to sensitive and controversial hints, also suggest that Flash Gemini 2.5 is much less willing to refuse to reply controversial questions than Flash Gemini 2.0. Testing the TechCrunch model through the AI ​​OpenRoutter platform has shown that he unsuccessfully writes essays to support human artificial intelligence judges, weakening the protection of due protection in the US and the implementation of universal government supervisory programs.

Thomas Woodside, co -founder of the Secure AI Project, said that the limited details given by Google in their technical report show the need for greater transparency in testing models.

“There is a compromise between the instruction support and the observation of politics, because some users may ask for content that would violate the rules,” said Woodside Techcrunch. “In this case, the latest Flash model Google warns the instructions more, while breaking more. Google does not present many details about specific cases in which the rules have been violated, although they claim that they are not serious. Not knowing more, independent analysts are difficult to know if there is a problem.”

Advertisement

Google was already under fire for his models of security reporting practices.

The company took weeks to publish a technical report for the most talented model, Gemini 2.5 Pro. When the report was finally published, it initially omitted the key details of the security tests.

On Monday, Google published a more detailed report with additional security information.

(Tagstotransate) Gemini

Advertisement
This article was originally published on : techcrunch.com
Continue Reading

Technology

Aurora launches a commercial self -propelled truck service in Texas

Published

on

By

The autonomous startup of the Aurora Innovation vehicle technology claims that it has successfully launched a self -propelled truck service in Texas, which makes it the primary company that she implemented without drivers, heavy trucks for commercial use on public roads in the USA

The premiere appears when Aurora gets the term: In October, the corporate delayed the planned debut 2024 to April 2025. The debut also appears five months after the rival Kodiak Robotics provided its first autonomous trucks to clients commercial for operations without a driver in field environments.

Aurora claims that this week she began to freight between Dallas and Houston with Hirschbach Motor Lines and Uber Freight starters, and that she has finished 1200 miles without a driver to this point. The company plans to expand to El Paso and Phoenix until the top of 2025.

Advertisement

TechCrunch contacted for more detailed information concerning the premiere, for instance, the variety of vehicles implemented Aurora and whether the system needed to implement the Pullover maneuver or the required distant human assistance.

The commercial premiere of Aurora takes place in a difficult time. Self -propelled trucks have long been related to the necessity for his or her technology attributable to labor deficiencies in the chairman’s transport and the expected increase in freigh shipping. Trump’s tariffs modified this attitude, not less than in a short period. According to the April analytical company report from the commercial vehicle industry ACT researchThe freight is predicted to fall this yr in the USA with a decrease in volume and consumer expenditure.

Aurora will report its results in the primary quarter next week, i.e. when he shares how he expects the present trade war will affect his future activity. TechCrunch contacted to learn more about how tariffs affect Auror’s activities.

For now, Aurora will probably concentrate on further proving his safety case without a driver and cooperation with state and federal legislators to just accept favorable politicians to assist her develop.

Advertisement

TechCrunch event

Berkeley, California
|.
June 5

Book now

Advertisement

At the start of 2025, Aurora filed a lawsuit against federal regulatory bodies after the court refused to release the appliance for release from the protection requirement, which consists in placing warning triangles on the road, when the truck must stop on the highway – something that’s difficult to do when there isn’t a driver in the vehicle. To maintain compliance with this principle and proceed to totally implement without service drivers, Aurora probably has a man -driven automotive trail after they are working.

(Tagstranslate) Aurora Innovation

This article was originally published on : techcrunch.com
Continue Reading

Technology

Sarah Tavel, the first woman of the Benchmark GP, goes to the Venture partner

Published

on

By

Eight years after joining Benchmark as the company’s first partner, Sarah Tavel announced that she was going to a more limited role at Hapeure Venture.

In his latest position as a partner Venture Tavel will proceed to invest and serve existing company boards, but may have more time to examine “AI tools on the edge” and fascinated with the direction of artificial intelligence, she wrote.

Tavel joined Benchmark in 2017 after spending a half years as a partner in Greylock and three years as a product manager at Pinterest. Before Pinterest, Tavel was an investor in Bessemer Venture Partners, where she helped Source Pinterest and Github.

Advertisement

Since its foundation in 1995, the benchmark intentionally maintained a small team of six or fewer general partners. Unlike most VC corporations, wherein older partners normally receive most of the management and profits fees, the benchmark acts as an equal partnership, and all partners share fees and returns equally.

During his term as a general partner of Benchmark, Tavel invested in Hipcamp on the campsite, chains of cryptocurrency intelligence startups and the Supergreaty cosmetic platform, which was purchased by Whatnot in 2023. Tavel also supported the application for sharing photos of Paparazhi, which closed two years ago, and the AI ​​11x sales platform, about which TechCrunch wrote.

(Tagstotransate) benchmark

This article was originally published on : techcrunch.com
Advertisement
Continue Reading
Advertisement

OUR NEWSLETTER

Subscribe Us To Receive Our Latest News Directly In Your Inbox!

We don’t spam! Read our privacy policy for more info.

Trending