Tag Archive for: encrypted

Hackers can access your private, encrypted AI assistant chats


Facepalm: For some, AI assistants are like good friends whom we can turn to with any sensitive or embarrassing question. It seems safe, after all, because our communication with them is encrypted. However, researchers in Israel have discovered a way for hackers to circumvent that protection.

Like any good assistant, your AI knows a lot about you. It knows where you live and where you work. It probably knows what foods you like and what you are planning to do this weekend. If you are particularly chatty, it may even know if you are considering a divorce or contemplating bankruptcy.

That’s why an attack devised by researchers that can read encrypted responses from AI assistants over the web is alarming. The researchers are from the Offensive AI Research Lab in Israel, and they have identified an exploitable side-channel present in most major AI assistants that use streaming to interact with large language models, with the exception of Google Gemini. They then demonstrate how it works on encrypted network traffic from OpenAI’s ChatGPT-4 and Microsoft’s Copilot.

“[W]e were able to accurately reconstruct 29% of an AI assistant’s responses and successfully infer the topic from 55% of them,” the researchers wrote in their paper.

The initial point of attack is the token-length side-channel. In natural language processing, the token is the smallest unit of text that carries meaning, the researchers explain. For instance, the sentence “I have an itchy rash” could be tokenized as follows: S = (k1, k2, k3, k4, k5), where the tokens are k1 = I, k2 = have, k3 = an, k4 = itchy, and k5 = rash.

However, tokens represent a significant vulnerability in the way large language model services handle data transmission. Namely, as LLMs generate and send responses as a series of tokens, each token is transmitted from the server to the user as it is generated. While this process is encrypted, the size of the packets can reveal the length of the tokens, potentially allowing attackers on the network to read conversations.

Inferring the content of a response from a token length sequence is challenging because the responses can be several sentences…

Source…

Hackers can read private AI-assistant chats even though they’re encrypted


Hackers can read private AI-assistant chats even though they’re encrypted

Aurich Lawson | Getty Images

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Token privacy

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client’s knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”

Source…

86% of cyberattacks are delivered over encrypted channels


Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler.

malware encrypted threats

For the second year in a row, manufacturing was the industry most commonly targeted, with education and government organizations seeing the highest year-over-year increase in attacks. Additionally, malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks.

In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels.

“With nearly 95% of web traffic flowing over HTTPS and 86% of the advanced threats delivered over encrypted channels, any HTTPS traffic that does not undergo inline inspection represents a significant blind spot that cybercriminals continue to exploit when targeting global organizations,” said Deepen Desai, Chief Security Officer, Zscaler. “To defend against encrypted attacks, organizations should replace vulnerable appliances, like VPNs and firewalls, with a Zero Trust Network Access (ZTNA) solution. This allows IT teams to inspect TLS traffic at scale while blocking threats and preventing sensitive data leakage.”

Encrypted malware is a top threat

Malware keeps its top spot as the champion of encrypted threats, driving 23 billion encrypted hits between October 2022 and September 2023 and comprising 78% of all attempted cyberattacks.

Encrypted malware includes malicious web content, malware payloads, macro-based malware, and more. The most prevalent malware family in 2023 was ChromeLoader, followed by MedusaLocker and Redline Stealer.

Manufacturers saw the largest amount of AI/ML transactions compared to any other industry, processing over 2.1 billion AI/ML-related transactions. It remains the most targeted industry, accounting for 31.6% of encrypted attacks tracked by Zscaler.

Generative AI raises data leak concerns

As smart factories and the Internet of Things (IoT) become more prevalent in manufacturing, the attack surface is expanding and exposing the sector to more…

Source…

EU Tries To Slip In New Powers To Intercept Encrypted Web Traffic Without Anyone Noticing


from the QWACs-in-the-web dept

The EU is currently updating eIDAS (electronic IDentification, Authentication and trust Services), an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. That’s clearly a crucial piece of legislation in the digital age, and updating it is sensible given the fast pace of development in the sector. But it seems that something bad has happened in the process. Back in March 2022, a group of experts sent an open letter to MEPs [pdf] with the dramatic title “Global website security ecosystem at risk from EU Digital Identity framework’s new website authentication provisions”. It warned:

The Digital Identity framework includes provisions that are intended to increase the take-up of Qualified Website Authentication Certificates (QWACs), a specific EU form of website certificate that was created in the 2014 eIDAS regulation but which – owing to flaws with its technical implementation model – has not gained popularity in the web ecosystem. The Digital Identity framework mandates browsers accept QWACs issued by Trust Service Providers, regardless of the security characteristics of the certificates or the policies that govern their issuance. This legislative approach introduces significant weaknesses into the global multi-stakeholder ecosystem for securing web browsing, and will significantly increase the cybersecurity risks for users of the web.

The near-final text for eIDAS 2.0 has now been agreed by the EU’s negotiators, and it seems that it is even worse than the earlier draft. A new site from Mozilla called “Last Chance to fix eIDAS” explains how new legislative articles will require all Web browsers in Europe to trust the the certificate authorities and cryptographic keys selected by the government of EU Member States. Mozilla explains:

These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic across the EU. Any EU member state has the ability to designate cryptographic keys for distribution in web browsers and browsers are…

Source…