#FactCheck - Viral Video of Man ‘Running on Water’ Found to Be AI-Generated

Introduction

We stand at the edge of a reality once confined to science fiction, a world where the very creations designed to serve us could redefine what it means to be human, rewriting the paradigm we built them in. The increasing prevalence of robotics and embodied AI systems in everyday life and cyber-physical settings draws attention to a complicated network of issues at the intersection of cybersecurity, human-to-robot trust, and robotic safety. The development of robotics cannot be perceived as a novelty or a fleeting interest area for enthusiasts, it has developed into a force that enters the area of human life that is private and has historically been reserved for human connection and care. We live in an era where countries can no longer afford to fall behind, at a time when technological prowess determines global influence. The new development currency of the 21st century is “Techno-sovereign”, meaning that one must be able to innovate as well as incorporate robotics, artificial intelligence, and other technologies.

‍

Entering the Robotic Renaissance

‍

The recent unveiling of the humanoid “pregnancy robot” presents the next frontier in reproductive robotics, garnering both criticism and support. Although this bold innovation holds promise, it also presents unavoidable cybersecurity, privacy, and ethical conundrums. The humanoid is being developed by Kaiwa Technology under the direction of Dr. Zhang Qifeng, who is also connected to Nanyang Technological University. As per the report of ECNS, he presented his idea for a robotic surrogate that could carry a child for a full-term pregnancy at the 2025 World Robot Conference in Beijing. While the technology is indubitably groundbreaking, it raises a lot of ethical and moral concerns as well as legal concerns, as surrogacy is banned in China.

Alongside the concerns raised by various segments of doctors, feminists who argue on the devaluation and pathologising of pregnancy, it also raises various cybersecurity concerns, keeping in mind the interpersonal and intimate nature of human connections, where robotics are now making headway. Pregnancy is inherently intimate. Our understanding of bodily autonomy is blurred when we move into the realm of machinery. From artificial amniotic fluid sensors to embryo data, every layer of this technology becomes a possible attack vector. Robots with artificial wombs are essentially IoT-powered medical systems. As per the research conducted by the Department of Computer Science and Engineering, Cornell University, “our lives have been made easier by the incorporation of AI into robotics systems, but there is a significant drawback as well: these systems are susceptible to security breaches. Malicious actors may take advantage of the data, algorithms, and physical components that make up AI-Robotics systems, which can cast a debilitating impact.

The Robotic Pivot: The Market’s Greatest Disruption

The humanoid “pregnancy robot” is not the only robotic innovation planning to take the industry for a whirlwind. China is pushing the boundaries amidst the escalating trade wars. Beijing is stepping up its efforts in sectors where it has the capacity and necessity to advance before the US. China’s leaders see AI as a source of national pride, a means of enhancing its military might, and a long-standing problem of Western dominance.  The proof lies in the fact that Beijing hosted the first World Humanoid Robot Games, reflecting China’s dual goals of showcasing its technological prowess as it moves closer to establishing itself as a dominant force in artificial intelligence applied to robotics and bringing people closer to machines that will eventually play a bigger role in daily life and the economy.

Despite China’s prominence, it is not the only country that sees the potential in AI-enabled robotics. Indian Space Research Organisation’s chairman V Narayanan announced that the humanoid robot Gaganyaan programme’s first uncrewed mission G1 would be launched with humanoid robot Vyommitra in December.

‍

Conclusion

The emergence of robotics holds both great potential and significant obstacles holds both great potential and significant obstacles. Robots have the potential to revolutionise accessibility and efficiency in a variety of fields, including healthcare and space exploration, but only if human trust, ethics, and cybersecurity keep up with technological advancements. This is not a far-flung issue for India, rather, it is a pressing appeal to properly lead in a world where technological sovereignty is equivalent to world power. 

‍

References

• https://nurse.org/news/pregnancy-robot-artificial-womb-china/ 
• https://timesofindia.indiatimes.com/life-style/health-fitness/health-news/chinas-2026-humanoid-robot-pregnancy-with-artificial-womb-a-revolutionary-leap-in-reproductive-technology/articleshow/123357813.cms?utm_source=chatgpt.com 
• https://arxiv.org/pdf/2310.08565 
• https://www.theguardian.com/world/2025/apr/21/humanoid-workers-and-surveillance-buggies-embodied-ai-is-reshaping-daily-life-in-china 
• https://english.elpais.com/technology/2025-08-21/china-stages-first-robot-olympics-to-showcase-its-tech-ambition.html ‍
• https://www.tribuneindia.com/news/india/1st-non-crew-gaganyaan-mission-to-launch-in-dec-with-robot-vyommitra/

Introduction

The most significant change seen in the Indian cyber laws this year was the passing of the Digital Personal Data Protection Act, 2023, in the parliament. DPDP Act is the first concrete form of legislation focusing on the protection of Digital Personal Data of Indian netizens in all aspects; the act is analogous to what GDPR is for Europe. The act lays down heavy compliance mandates for the intermediaries and data fiduciaries, this has made it difficult for the tech companies a lot of policy, legal and technical changes have to be made in order to implement the act to its complete efficiency. Recently, the big techs have addressed a letter to the Minister and Minister of State of Meity to extend the implementation timeline of the act. In other news, the union cabinet has given the green light for the much-awaited MoC with Japan focused on establishing a long-term Semiconductor Supply Chain Partnership. 

Letter to Meity

The lobby of the big techs represented by a Trade Body named the Big Tech Asia Internet Coalition (AIC) this week wrote to the Ministry of Electronics and Information Technology (Meity), addressing it to the Minister Ashwini Vaishnav and Minister of State (MoS) Rajeev Chandershekhra recommending a 12-18 month extension on the implementation of the Digital Personal Data Protection Act. This request comes at a time when the government has been voicing its urgency to implement the act in order to safeguard Indian data at the earliest. The trade body represented big names, including Meta, Google, Microsoft, Apple and many more. These big techs essentially comprise the segment recognised under the DPDP as the Significant Data Fiduciaries due to the sheer volume of data processed, hosted, stored, etc. In the protective sense, the act has been designed to focus on preventing the exploitation of personal data of Indian netizens by the big techs, hence, they form an integral part of the Indian Data Ecosystem.  The following reasons/complications concerning the implementation of the act were highlighted in the letter:

• Unrealistic Timelines: The AIC expressed that the current timeline for the implementation of the act seems unrealistic for the big techs to establish technological, policy and legal mechanisms to be in compliance with section 5 of the act, which talks about the Obligations of a Data Fiduciary and the particular notice to be shared with the data principles in accordance with the act. 
• Technical Requirements: Members of AIC expressed that the duration for the implementation of the act is much less in comparison to the time required by the tech companies to set up/deploy relevant technical critical infrastructure, SoPs and capacity building for the same. This will cause a major hindrance in establishing the efficiency of the act.
• Data Rights:  Right to Erasure, Correction, Deletion, Nominate, etc., are guaranteed under the DPDP, but the big techs are not sure about the efficient implementation of these rights and hence will need fundamental changes in the technology architecture of their platform, thus expressing concern of the early implementation of the act. 
• Equivalency to GDPR: The DPDP is taken to be congruent to the European GDPR, but the DPDP focuses on a few more aspects, such as cross-border data flow and compliance mandates for the right to erasure, hence a lot of GDPR-compliant big techs also need to establish more robust mechanisms to maintain compliance to Indian DPDP.     

Indo-Japan MoC

A Memorandum of Cooperation (MoC) on the Japan-India Semiconductor Supply Chain Partnership was signed in July 2023 between the Ministry of Electronics and Information Technology (MeitY) of India and the Ministry of Economy, Trade and Industry (METI) of Japan. This information was shared with the Union Cabinet, which is led by Prime Minister Narendra Modi. The Ministry of Commerce (MoC) aims to expand collaboration between Japan and India in order to improve the semiconductor supply chain. This is because semiconductors are critical to the development of industries and digital technologies. The Parties agree that the MoC will take effect on the date of signature and be in effect for five years. Bilateral cooperation on business-to-business and G2G levels on ways to develop a robust semiconductor supply chain and make use of complementary skills. The cooperation is aimed at harnessing indigenous talent and creating opportunities for higher employment avenues. 

MeitY's purpose also includes promoting international cooperation within bilateral and regional frameworks in the frontier and emerging fields of information technology. MeitY has engaged in Memorandums of Understanding (MoUs), Memorandums of Covenants (MoCs), and Agreements with counterpart organisations/agencies of other nations with the aim of fostering bilateral collaboration and information sharing. Additionally, MeitY aims to establish supply chain resilience, which would enable India to become a reliable partner. An additional step towards mutually advantageous semiconductor-related commercial prospects and collaborations between India & Japan is the strengthening of mutual collaboration between Japanese and Indian enterprises through this Memorandum of Understanding. The “India-Japan Digital Partnership” (IJDP), which was introduced during PM Modi's October 2018 visit to Japan, was created in light of the two countries' complementary and synergistic efforts. Its goal is to advance both current areas of cooperation and new initiatives within the scope of S&T/ICT cooperation, with a particular emphasis on “Digital ICT Technologies."

Conclusion 

As we move ahead into the digital age, it is pertinent to be aware and educated about the latest technological advancements, new forms of cybercrimes and threats and legal aspects of digital rights and responsibilities, whether it is the recommendation to extend the implementation of DPDP or the Indo-Japan MoC, both of these instances impact the Indian netizen and his/her interests. Hence, the indigenous netizen needs to develop a keen interest in the protection of the Indian cyber-ecosystem to create a safer future. In our war against technology, our best weapon is technology and awareness, thus implementing the same in our daily digital lifestyles and routines is a must.  

References

• https://www.eetindia.co.in/cabinet-approves-moc-on-japan-india-semiconductor-supply-chain-partnership/
• https://www.moneycontrol.com/news/business/startup/trade-body-representing-big-tech-urges-govt-to-extend-dpdp-act-implementation-by-1-5-years-11605431.html
• https://www.google.com/url?rct=j&sa=t&url=https://www.eetindia.co.in/cabinet-approves-moc-on-japan-india-semiconductor-supply-chain-partnership/&ct=ga&cd=CAEYACoTOTI3Mzg4NzEyODgwMjI2ODk0MDIaOTBiYzUxNmI5YTRjYTE1NTpjb206ZW46VVM&usg=AOvVaw2lEO7-cIBZ_ox1xV39LGLs

‍

‍

Executive Summary:

CVE 2024-3094 is a backdoor vulnerability recently found in Kali Linux installations that happened between March 26th to 29th. This vulnerability was found in XZ package version 5.6.0 to 5.6.1. It could allow the malicious actor to compromise SSHD authentication, and grant unauthorized access to the entire system remotely. The users who have installed or updated Kali Linux during the said time are advised to update their system to safeguard against this vulnerability. 

The Dangerous Backdoor

The use of the malicious implant found in XZ Utils as a remote code execution tool makes it more dangerous, because of its ability to compromise the affected systems. Initially, researchers believed the vulnerability enabled an authentication bypass for the OpenSSH server (SSHD) process. However, further analysis revealed it is better characterized as a remote code execution (RCE) vulnerability.

The backdoor intercepts the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key, and if successful, executes malicious code passed by the attacker via the system() function. This leaves no trace in SSHD logs and makes it difficult to detect the vulnerability. 

Impacted Linux Distributions

The compromised versions of XZ Utils have been found in the following Linux distributions released in March 2024:

• Kali Linux (between March 26 and March 29)
• openSUSE Tumbleweed and openSUSE MicroOS (March 7 to March 28)
• Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta
• Debian (testing, unstable, and experimental distributions only)
• Arch Linux container images (February 29 to March 29)
• Meanwhile, distributions such as Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, and Debian Stable are not believed to be affected.

How Did This Happen?

The malicious code appears to have been inserted by taking advantage of a typical control transfer vulnerability. The original maintainer of the XZ Libs project on GitHub handed over control of the repository to an account that had been contributing to various data compression-related projects for several years. It was at this point that the backdoor was implanted in the project code.

Fortunately, the Potential Disaster Was Averted

As per Igor Kuznetsov, head of Kaspersky's Global Research and Analysis Team (GReAT), the vulnerability CVE-2024-3094 is considered as the largest scale attack that has happened in the Linux ecosystem history. Because it targeted the primary remote management tool for Linux servers on the internet which is  SSH servers.  

As this vulnerability was detected in the testing and rolling distributions in the short period of time, where the latest software packages are used. This results to the minimum damage to the linux users and so far no case of CVE-2024-3094 being actively exploited have been detected.

Staying Safe

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises that users who installed or updated the affected operating systems in March immediately roll back to XZ Utils 5.4.6 version and be on alert for any malicious activity. It is recommended to change the passwords in the case of a distribution where a weak version of XZ Utils has been installed. 

The Yara rule has been released to detect any infected systems by CVE-2024-3094 Vulnerability. 

Conclusion

The discovery of the XZ Utils backdoor provides a reminder to be vigilant in the open source software environment. This supply chain attack highlights the importance of strong security measures, elaborate code reviews, and regular distribution of security updates to provide shield against such vulnerabilities. Always staying informed and taking the necessary precautions, Linux users can mitigate the potential impact of this vulnerability to keep their systems safe.

References : 

• https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html 
• https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ 
• https://www.kali.org/blog/about-the-xz-backdoor/ 
• https://www.kaspersky.com/blog/cve-2024-3094-vulnerability-backdoor/50873/ 
• https://www.rapid7.com/blog/post/2024/04/01/etr-backdoored-xz-utils-cve-2024-3094/ 

‍