Tech Brew Ride Home - Thu. 07/18 – Crypto Exchange Hacks Are Back
Episode Date: July 18, 2024It looks like crypto exchange hacks are back. And so are the North Koreans, I guess. Are the Meta Ray-Bans selling so well Zuck might invest in the Ray-Ban maker? The continuing trend of tech companie...s withholding products from Europe. And the state of play in terms of whether or not the cops can get into your phone. Links: WazirX Hacked for $230M, Largely in SHIB, as Elliptic Says North Korea Behind Attack (CoinDesk) $235 million lost by WazirX in North Korea-linked breach (Elliptic) Meta explores stake in Ray-Ban maker EssilorLuxottica (FT) Reality Comes to Meta’s Reality Labs (The Information) Scoop: Meta won't offer future multimodal AI models in EU (Axios) Apple says its OpenELM model doesn’t power Apple Intelligence amid YouTube controversy (9to5Mac) Apple, Nvidia, Anthropic Used Thousands of Swiped YouTube Videos to Train AI (Proof) Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock (404 Media) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the Tech meme right home for Thursday, July 18th, 2024. I'm Brian McCullough today. It looks like
crypto exchange hacks are back, and so are the North Koreans, I guess. Are the meta-rayban selling
so well Zuck might invest in the Rayban maker, the continuing trend of tech companies withholding products
from Europe, and the state of play in terms of whether or not the cops can get into your phone.
Here's what you miss today in the world of tech. I feel like it's been a while since we've had one of
these, but I'm not deep in the crypto space, as you know, so maybe there's been a ton of these that I've
missed, although none may be quite this big. Indian crypto exchange, Wazir X, says one of its
multi-sig wallets, quote, experienced a security breach after more than $230 million in withdrawals
took place. Wazir X had $500 million in holdings in June, so that would be almost half,
quoting Coin Desk. We're aware that one of our multi-sig wallets has experienced a security breach.
team is actively investigating the incident the exchange confirmed in an ex-post to ensure the safety
of your asset, INR, and crypto withdrawals will be temporarily paused.
Blockchain sleuth elliptics said that North Korean linked hackers appear to have perpetrated
the attack.
The Stolten funds account for over 45% of the exchange's 500 million holdings, which it
disclosed in a June report.
The Indian Exchange's live proof of reserve site was down for maintenance as of the time of
writing.
Wazir X identified the multi-sig wallets provider as crypto custody firm.
liminal in a follow-up post hours after the initial confirmation. It later deleted the post,
as liminal said that the wallets that were created, quote, outside of the limel ecosystem,
have been compromised, end quote. Multi-Sig wallets are a type of crypto wallet that requires two or more
private keys to authenticate and confirm transactions before they are processed.
The Indian financial ministry declined to comment on the attack or its implications for the
country's crypto ecosystem. Blockchain data attracted by look-on chain shows over 100 million
dollars worth of Shiba Inu tokens were withdrawn the most among lost funds, followed by 52
million in Ether, 11 million in Maddox, Madik, and 6 million in Pepe. Transactional data shows the
exploiter is actively selling the stolen holdings using the on-chain exchange uniswap.
The exploiter is yet to sell their eth holdings and holds over 4.2 million in flokey tokens.
Wazir X is popular among Indian traders and primarily targets the Indian market. It is among
the few financial intelligence units registered exchanges in the country, allowing it to offer
crypto exchange services to Indian citizens, end quote. Now let me circle back to highlight those
details from Elliptic. Quote, according to Elliptic's analysis, around 235 million in
crypto assets were lost in the breach. This is made up of more than 200 different assets,
including around 96.7 million of Shiba Inu, 52.6 million of Ether, 11 million of Madik, and
7.6 million of Pepe. The thief has already swapped a number of these tokens for ether using a
variety of decentralized services, inexpected initial step of a typical laundering process, end quote.
Sources say meta might make a multi-billion euro investment in eyewear group Esselor Luxottica,
which makes those meta-rayband glasses. I guess this would extend that partnership in a way,
thereby, I guess, providing anecdotal evidence that sales are, in fact, going quite well for those
sort of AR thin glasses, quoting the Financial Times.
The Silicon Valley Company has considered taking a small stake in the 87 billion-euro
Franco-Italian group, according to multiple people with knowledge of its thinking.
The move comes as meta has been holding talks with Esselor Luxottica to deepen their
existing collaboration following the successful launch of a revamped version of their
Rayban meta smart glasses last year, some of the people said.
The first Rayband meta glasses were launched in 2021, but the newest generation launched in
October last year and has sold more in a few months than the previous ones did in two years.
Esselaer Luxottica's chief executive Francesco Maleri said at an event earlier this week.
The latest version of the glasses allows users to live stream what they see directly onto Facebook
and Instagram. In the U.S., the glasses are integrated with Meta's artificial intelligence
assistant, giving owners the ability to ask the glasses for more information about what is in front
of them. This week, Esselor Luxottica agreed to buy U.S. streetwear label Supreme for $1.5 billion,
people close to the deal said the eyewear group aimed to launch a new version of Supreme Smart
sunglasses in partnership with Meta to better target young consumers, end quote. But then, at the
same time, this from the information this morning, quote, as Meta ramps up its spending on
artificial intelligence, company executives have started turning a more skeptical eye on its
reality labs division, home of AR, VR, VR, and Zuckerberg's former pet project, the Metaverse. As a result,
reality labs hardware teams have been asked to cut spending by almost 20% between this year and
2026, a former reality labs manager said with much of those cuts happening this year.
A sign of the new attitude came when meta chief financial officer, Susan Lee spoke at
a gathering of about 100 Reality Labs staffers in February. After praising the group for doing
interesting work, Lee offhandedly said meta should target ARNVR and VR as a $1 trillion
opportunity given the sizable investment the company had made, the former manager said.
Lee didn't elaborate, but her comment struck those present as a rare moment of candor from a top
company executive about meta's prospects of earning a return on its heavy spending on reality
labs, the former manager said. Meta has cumulatively lost more than $55 billion on reality
labs since 2019, according to company statements. Meta isn't retreating from AR or VR.
The company is working on a range of new quest headsets and AR glasses with displays for release
over the next three years, according to multiple people who have worked on the projects.
These include its first augmented reality glasses to be released next year. In 2026, it has scheduled the Quest 4 VR headset, including standard and premium versions, codenamed Pismo Low and Pismo High, three of the people said.
Meta also plans to release a high-end quest headset in 27, codenamed La Jolla to compete with Apple's Vision Pro.
Despite these plans, meta executives appear to be keeping reality labs on a shorter leash.
The restraint comes after years of Reality Lab spending money with seemingly no limits.
Its annual operating loss skyrocketed from $4.5 billion in 2019 to $16.1 billion in 20203.
Even as sales of VR devices remain weak, interest in AI-powered devices is growing.
Meta responded by adding its MetaI assistant to the latest version of its Rayban smart glasses in the spring.
The assistant can recognize objects and assist users with tasks such as translation.
Still, not everyone within Meta is optimistic.
Meta's partnership with Rayban has led to stylish glasses that are fashionable to wear and weigh around 50 grams,
still tolerable to consumers used to wearing traditional glasses that weigh around 30 grams on average.
But the AR glasses meta plans to release next year, code named Hypernova,
currently weigh more than 70 grams and have a thick frame that current and former meta employees say
is likely to turn off consumers. Meta notably isn't partnering with Esselor Luxottica,
its partner on the first two Rayband Smart Glasses on this model.
The French Italian eyeglass giant bulked at the design,
according to two people who worked on the project.
People at Meta say the bulky design of Hypernova is the result of simple physics.
The display, which will be in the right lenses, will show content by projecting an image into the lens.
The people say it is impossible to reduce the size of the frames any further,
given the minimum requirements the product needs to drive its display, computing, and battery life, end quote.
Meta says it plans to withhold future multimodal AI models from the EU
due to what the company says is a lack of clarity from regulators.
Text-only models will still be offered.
Quoting Axios.
The move sets up a showdown between META and EU regulators
and highlights a growing willingness among U.S. tech giants to withhold products
from European customers.
We will release a multimodal Lama model over the coming months,
but not in the EU due to the unpredictable nature of the European regulatory environment,
meta said in a statement to Axios.
Apple similarly said last month that it won't release its Apple intelligence features in Europe
because of regulatory concerns.
the Irish Data Protection Commission, Meta's lead privacy regulator in Europe, did not immediately
respond to a request for comment. Meta plans to incorporate the new multimodal models which are
able to reason across video, audio, images, and text in a wide range of products, including
smartphones and its meta-ray-band smart glasses. Meta says its decision also means that European
companies will not be able to use the multimodal models even though they are being released
under an open license. It could also prevent companies outside of the EU from offering products and
services in Europe that make use of the new multimodal models. The company is also planning to
release a larger text-only version of its Lama 3 models soon that will be made available for
customers and companies in the EU-META said. Meta's issue isn't with the still-being finalized
AI Act, but rather with how it can train models using data from European customers while
complying with GDPR, the EU's existing data protection law. Meta announced in May that it
planned to use publicly available posts from Facebook and Instagram users to train future models.
Meta said it sent more than 2 billion notifications to users in the EU offering a means for opting out
with training set to begin in June.
Meta says it briefed EU regulators months in advance of that public announcement and received only
minimal feedback which it says it addressed.
In June, after announcing its plans publicly, Meta was ordered to pause the training on
EU data.
A couple of weeks later, it received dozens of questions from data privacy regulators across
the region.
The United Kingdom has a nearly identical law to GDPR, but Meta says it isn't
seeing the same level of regulatory uncertainty and plans to launch its new model for UK users, end
quote. Apple says it's open ELM, or I guess open elm model, doesn't power any AI features,
including Apple intelligence. This comes after a report said Apple had used YouTube subtitles
to train the model, which made a bunch of people mad, quoting 9 to 5 Mac. Earlier this week,
an investigation detailed that Apple and other tech giants had used YouTube subtitles to train their
AI models. This included over 170,000 videos from the likes of NKBHD, Mr. Beast, and more. Apple then
use this dataset to train its open source open ELM models, which were released back in April.
Apple says that it created the Open Elm model as a way to contribute to the research community
and advance open source large language model development. In the past, Apple researchers have
described Open Elm as a state-of-the-art open language model. According to Apple, Open Elm was created only
for research purposes, not for use to power any of its Apple intelligence features. The model was
published open source and is widely available, including on Apple's machine learning research website.
Because Open Elm isn't used as part of Apple Intelligence, this means the YouTube
subtitles dataset isn't used to power Apple Intelligence. In the past, Apple has said that
Apple intelligence models were trained on, quote, licensed data, including data selected to
enhance specific features, as well as publicly available data collected by our web crawler, end quote.
Yeah, so I believe that this whole brouhaha fell through the cracks while I was on the road,
but there was an investigation that alleged Apple, Nvidia, Anthropic, and others trained their
AI on a dataset containing YouTube video transcripts, including from the likes of the Wall Street
Journal, Mr. Beast, and MIT, quoting proof news. Our investigation found that subtitles from
173,536 YouTube videos siphoned from more than 48,000 channels were used by Silicon Valley
heavyweights including Anthropic, Nvidia, Apple, and Salesforce. The dataset called YouTube
subtitles contains video transcripts from educational and online learning channels like Khan Academy,
MIT, and Harvard. The Wall Street Journal, NPR, and the BBC also had their videos used to
train AI, as did The Late Show with Stephen Colbert, last week tonight with John Oliver, and
Jimmy Kim Alive. Proof News also found material from YouTube megastars, including Mr. Beast,
289 million subscribers, two videos taken for training. Marquez Brownlee, 19 million subscribers,
videos taken. Jack Skeptic Eye, nearly 31 million subscribers, 377 videos taken, and PewDiePie,
111 million subscribers, 337 videos taken. Some of the material used to train AI also promoted
conspiracies such as the Flat Earth theory. No one came to me and said, we would like to use
this, said David Packman, host of the David Packman Show, a left-leaning politics channel with
more than 2 million subscribers and more than 2 billion views. Nearly 160 of his videos were swept
up into the YouTube subtitles training dataset for people work full-time on Pacman's Enterprise,
which posts multiple videos each day, in addition to producing a podcast, TikTok videos,
and material for other platforms. If AI companies are paid, Pacman said he should be compensated
for the use of his data. He pointed out that some media companies have recently penned agreements
to be paid for use of their work to train AI. This is my livelihood, and I put time,
resources, money, and staff time into creating this content, Pacman said, there's really no
shortage of work, end quote. Finally, today I wanted to follow up on something. Leak documents suggest
that Celebrite couldn't forcibly unlock an iPhone running iOS 17.4 or newer, at least as of April of this
year. Most Android devices could be unlocked, though, so that seems to be the current state of
play in terms of cops getting into your phone. Quoting 404 Media. The documents are titled
Celebrate iOS Support Matrix and Celebrate Android Support.
Matrix, respectively. An anonymous source recently sent the full PDFs to 404 media who said they
obtained them from a Celebrite customer. Graphene OS, a privacy and security-focused Android-based
operating system, previously published screenshots of the same documents online in May, but the
material did not receive wider attention beyond the mobile forensics community.
For all locked iPhones, able to run 17.4 or newer, the Celebrate document says, in research,
meaning they cannot necessarily be unlocked with Celebrites tools. For previous iterations of
iOS 17 stretching from 17.1 to 17.3.1, Celebrate says it does support the iPhone XR and iPhone 11 series.
Specifically, the document says Celebrate recently added support for those models to its supersonic
BF or brute force capability, which claims to gain access to phones quickly. But for the iPhone 12
and up running those operating systems, Celebrate says support is again coming soon. The iPhone
11 was released in 2019. The iPhone 12 was launched the following year. In other words,
Celebrite was only able to unlock iPhones running the penultimate version of iOS that were released
nearly five years ago. The most recent version of iOS in April 2024 was 17.4.1, which was released
in March 2024. Apple then released 17.5.1 in May, according to Apple's own publicly released
data from June, the vast majority of iPhone users have upgraded to iOS 17, with the operating
system being installed on 77% of all iPhones and 87% of iPhones introduced in the last four years.
The data does not break out what percentage of those users are on each iteration of iOS 17, though, end quote.
So I was instructed to give you this message.
Dear Mark Rober, I really love your videos. I'm going to be an engineer just like you.
Could we be friends?
That was, of course, my boy, Max.
Mark Rober, if you're listening or if someone who knows Mark Rober is listening, you know,
I've always wanted to do a bonus episode interview on this podcast where I have a YouTube star,
break down the nuts and bolts of their business.
Get in touch if interested.
Talk to you tomorrow.