• They probably paid a million for this vibe coded app. I am confident that I could somehow make this.

    Super common here in Germany that sensitive data is handled via crappy apps that essentially have backdoors.

    If you break them and report the bug you can be prosecuted under some hacking paragraph.

    • Merkel’s famous quote (“Das Internet ist für uns alle Neuland” - “The internet is new ground for all of us”) still holds true in 2026 lol. Literal third world countries are more advanced when it comes to digitization and stuff lol.

    • If you break them and report the bug you can be prosecuted under some hacking paragraph.

      The old shoot the messenger approach!

      We’ve had some high profile examples in the US too. Like this one, from 2021. A professor was investigated by governor Mike Parson of Missouri, for literally using View Page Source in a browser. And reporting a major vulnerability in good faith. I linked Parson’s Wikipedia page, because he deserves his ridicule. Not for his ignorance! Many are ignorant of how the web works. That’s OK. He deserves ridicule for how he handled the episode. For dragging the professor’s name through the mud, who had only tried to help.

      In the end, the governor received much ridicule. The investigation was dropped.

  • This is Meta’s stupid attempt to not get sued for addicting kids. They want to force the problem on the entire world, so they can’t be held responsible. They are pushing these same laws in several countries, Brazil just passed a near identical law.

    Meta would steal your right to privacy, and force you to identify yourself to every single electronic device you own just to avoid being held liable for harming children. Absolutely disgusting. Zuck belongs in the deepest pits of hell.

    • They want to force the problem on the entire world, so they can’t be held responsible.

      Yah. On top of that, big tech cos often like high regulatory burden. Ideally different between countries and jurisdictions. Big tech can afford compliance teams and w/e else they need. But! High regulatory burden is harder for upstart competitors. And very hard or impossible for tiny projects.

      The same with technical burden. Like browser engines, used to be simple, now, extremely complex with wasm and webgl and stuff. There are only a few left standing. And some only barely.

      The higher the burden, the more big tech is entrenched.

  • And they think I’m going to add my ID into an app?! Let alone an unsafe one. No, thank you. I’ll just carry a physical card, which is already mandatory.

    • I really can’t remember an era where the term hack wasn’t used incorrectly but this case seems a lot more fitting than usual

    • I hate that melon husk ruined the term “Grok”. Grok, by Heinlein’s definition, was closely related to Hack, by its original definition in relation to tech. Not to drill new holes, necessarily, but to understand a system so well that the holes, or lack thereof, are just readily apparent.

      • Yep, I remember a MSFT vet actually teaching me the term ~15 years ago, when I was working for them and … yep, just another thing Elon has fucking ruined by association/appropriation.

        Elon quite literally does not grok Grok.

      • thanks for explaining. every time I read grok the bigot in me is like eww Elon, now I know it is yet another thing this guy ruined

  • Step 1: open source a broken software that was vibe coded in 5 min
    Step 2: wait for the internet to fix it
    Step 3: profit

    • isn’t it the same everywhere now?

      • CEO vibe codes some shit that gets some attention
      • Sends it your way
      • Can you make this production quality?

      At least fucking send me the prompts so I understand what you wanted to express instead of me reverse engineering this shit for days

    • that was vibe coded in 5 min

      When you get proof, like the bots in reddit who all said for sure vibecode, please do share it with us.
      I’m not saying it’s probably not, but you guys throw stuff and that’s it, we are done. Other than that, I agree not safe.

    • I know this is impossible because of that one guy who wants EU app dev on their resume, but the OS devs need to collectively say fuck you and let the shit hit the fan

      • because of that one guy who wants EU app dev on their resume,

        this is the kind of people I despise and who I think deserve eternity in hellfire, but also deserve being spit in the face by all their friends and family

  • That message at the bottom was written by an “it’s open source so it must be safe” type security expert

    • I think he’s quoting Von Der Leyen because it’s the same person that posted the exploit and the whole thing was in quotes

  • 15 hours

    I mean good, gives them time to fix their shit. Purpose of this app is still bullshit though

    • Half-expecting it to become closed source ‘to prevent people from hacking it so easily’ as a result of the embarrassment of this sort of thing.

  • And this is government software handling sensitive information. I thought people were required to have higher qualifications and good security knowledge to develop software there, we are cooked if this is the norm.

    • Yeah so it turns out that basically the entire field of cyber security is 95% a complete joke.

      As evidenced by everything gets hacked all the fucking time and massive data breaches are so commonplace they’re usually barely newsworthy.

      There of course are a small number of people who can actually oversee/implement reasonably secure code development, but, well, that costs money and takes time, but it does not cost anywhere near as much money or time to just confidently lie to people and pretend you know what you’re doing.

      Governments tend to just defer to “industry experts”, which basically means ‘big dumb idiot corporation that verifies their robustness via a human centipede of paid consultants’.

      • 12 hours

        Governments tend to just defer to “industry experts”, which basically means ‘big dumb idiot corporation that verifies their robustness via a human centipede of paid consultants’.

        “Industry experts” that are trying to stay on the money train of government contracts, because they know that they’re not going to be held accountable when the shit hits the fan.

        Best thing we could do to curb government spending would be removing contractors from previous failed projects from the bidding process.

        • Yeah, it’s all an incestuous club of a class of C Suite people that know all the people on the boards of the regulatory committees, the astroturfed ‘consumer rights’ groups, the industry advocate groups, etc.

          They like to play musical chairs, hop around from seat to seat on different boards.

          But uh yeah, corruption is the name of the game with regulatory capture, so, any kind of proposal to have an actually transparent, legit, accountable bidding process will of course be decried by basically everyone connected to it.

          Remember when software companies used to like, train people, bring them up to speed, kinda like an apprenticeship, develop them as an asset, and then have a stable team?

          Yeah, that… worked better.

          But then management essentially was insulted by the existence of people who knew more about how their own companies actually worked than they did, so they turned them all into contractors, and chaos has reigned ever since!

    • Highly qualified people are probably not interested in working for the government. Or maybe this was outsourced to some cheap private company, who knows.

      • 11 hours

        No cyber security professional worth anything will stand there and say this is a good solution “for the children”. They all know it’s a bullshit solution to a problem of education. Therefore the only people that will bid for the work will be grifters.

    • 1 day

      You would think, right. I recently had a transit pass loading application update and demand that I turn off developer mode to continue use. This app is also run by a government agency across the pond (Canada). Went over to the Play Store reviews and they were all complaining about it.

      They allege it was to help protect accounts and personal data. Ok, then why doesn’t my bank account get compromised regularly? Or any other account I’ve logged into on my phone literally ever because I had turned on dev mode weeks after getting my first Android 10 years ago. This application has been janky for years and only in the past month have they made positive changes to its functionality. I am biased and maybe more irked than necessary but I do expect better/the minimum from these kinds of institutions.

      • They allege it was to help protect accounts and personal data.

        TBH it scares me that more and more things may go this way. You want online banking, or w/e? Well! You better use “trusted device”! What does “trusted device” mean? It means the device is locked down against its “owner”.

        It’s like a relentless march where personal computing dies and corporate computing takes over. Ever more, our technology answers to big tech, not us.

        • 1 day

          Also doesn’t help that these companies pass around money with each other and government entities all the time so they don’t technically need any of our business to function. Which enables them to pull this kinda shit and wait for us to get mad enough or to put up with it.

          My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be. They’ll gradually put up with worser and worser and this intrusive encroach on our technological freedom is going to look terribly different in the coming decades.

          • My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be.

            Oh absolutely! It becomes normalized for those who never knew any other way.

            I lucked out, my pa was a techie and got me steered towards the importance of tech freedom. Not everyone is so fortunate. Tech is almost an extension of our minds now. How we remember. How we learn. How we communicate. When we give away control of our devices to big tech, it’s like giving away control of our thoughts and emotions. Even our culture.

      • 11 hours

        Often what they want is just plain old automation of basic tasks, but they’ve been told by “Big Government Contractors Corporation” that AI will do that for them. Of course, BGCC has an AI division happy to help them.

  • “Technically ready”, as per the post the dude replied to. It’s “good enough” to fool idiots. For people that care to scratch the surface, the veneer falls off super easy

  • As if Ursula knew what she is talking about. Nevertheless, this is a terrible idea and most likely something with another agenda behind, other than the stated reasons.

    With that being said, we need another president for the commission and perhaps a completely different commission. How many years until her term ends?

  • Apparently respecting highest privacy standards doesn’t have anything to do with cybersecurity standards.

    A shiny new bucket doesn’t leak, but the lid can’t be locked so anyone with two hands should be able to open it up and see what’s inside. Sure, it’s private, but not secure.

  • How hard is it to enable security audits on GitHub? I’ve literally done it in two clicks. Also how hard is it to type “Make me a redteaming GitHub bot that checks every PR and every commit” to an AI provider’s CLI if they don’t want to do that?

    Also once again, why don’t they just use Mistral (baguette local language model) to implement ADB checks?

  • Meanwhile Mr Paul is all about how bad this app is, how he won’t help fix it or do anything for the government (because he was asked, I think).
    This app needs more work, and second, the attacker needs access to the phone. Now you can access the phone when it’s unattended, steal it, do what you do and then give it back, or do some remote code hacking.