Tag Archive for: Reveal

Sinister AI ‘eavesdropping’ trick lets ‘anybody read private chats’ on your Android or iPhone, security experts reveal


CYBERCRIMINALS can spy on users’ conversations with artificial intelligence-powered chatbots, experts have warned.

Ever since ChatGPT came out in November 2022, cybersecurity experts have been concerned with the technology.

ChatGPT is an advanced chatbot that can seamlessly complete tasks like writing essays and generating code in seconds.

Today, several chatbots function like ChatGPT, including Google’s Gemini and Microsoft’s Copilot within Bing.

The chatbots are easy to use, and many users are quickly drawn into conversations with the natural-language companions.

However, experts have expressed concerns over users sharing personal information with AI chatbots.

ChatGPT can collect highly sensitive details users share via prompts and responses.

It can then associate this information with a user’s email address and phone number, and store it.

That’s because to use the platform, users need to provide both an email address and mobile phone number.

Users cannot bypass this by using disposable or masked email addresses and phone numbers.

As a result, ChatGPT is firmly tied to your online identity as it records everything you input.

What’s more, this private data can also be obtained by cybercriminals if they are keen enough.

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, the head of the Offensive AI Research Lab at Israel’s Ben-Gurion University, told Ars Technica in an email.

“This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the internet — anyone who can observe the traffic.”

This is known as a “side-channel attack,” and it can be very dangerous for victims.

“The attack is passive and can happen without OpenAI or their client’s knowledge,” Mirsky revealed.

“OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the…

Source…

Security experts reveal the 10 things to never post online


Connecting to the internet, for that matter, is also important for work, socialising and keeping up to date with general goings on.

Although the internet can be a force for good, you don’t need us to tell you how dangerous it can also be.

Scammers are relentless online and will look to take advantage of any opportunity to rip you off in some way. 

So with that in mind, here are some suggestions for keeping safe online.

10 things you should never post online:

James Milin-Ashmore at Independent Advisor VPN said: “With 97.8% of the UK using the internet and 84.4% using social media, the digital world has become a hotspot for criminals to obtain personal information.

“Your online presence can make you vulnerable to identity theft, hacking and other security threats, meaning you should always be mindful and deliberate when you are posting and sharing information online.”

Your phone number

Cybercriminals can use your phone number to gather additional details about you, potentially leading to identity theft and unauthorised access to your online accounts.

Posting your phone number also increases the risk of being targeted by phishing attacks, where scammers send you disingenuous messages or calls that try to trick you into providing sensitive information.

Your location

Sharing where you live or are currently staying not only puts you at risk of theft and stalking but also malicious online activity and identity theft. If a cybercriminal knows where you live, they can personalise their phishing attempts, making them much more convincing.

In terms of identity theft, if scammers have your address, they will be able to build a more detailed profile of you, posing a real danger to your personal information.

Even if you don’t share or post your address online, scammers may be able to breach your IP address. While your IP address won’t reveal your exact location, it does show the city or region where the device is…

Source…

Russia-Ukraine and Israel-Hamas Wars Reveal All [Cyber] Conflicts Are Global


During an impassioned public plea in October, President Joe Biden linked the Gaza and Ukraine conflicts, saying each is “vital for America’s national security.” The subsequent funding bill also linked the two and quickly became political, with debates about the connection raging. 

However, while debates continue, cyberspace reflects the two conflicts being intimately linked to broader geopolitical alliances. It also serves as proof of the blurring lines between traditional hacktivism as an ideologically motivated activity and organized nation-state actor attacks. 

Cyber War’s Reach

The wide-reaching effects of cyber war mean that even civilians of countries not directly involved in a war might be impacted.

For instance, in 2020, Israel faced a significant cyber threat targeting critical water infrastructure. For the US, this threat became a reality in 2023. The Iranian CyberAv3ngers group exploited vulnerabilities in US industrial control systems, revealing significant cybersecurity weaknesses in American water utilities.

The nature of modern cyber warfare adds a global aspect to nearly every conflict. Nations must tackle the issue with universally coordinated and revamped tactics able to combat sophisticated nation-states in a truly global digital battlefield.

The Blurring of Lines

The trend of cybercriminals declaring allegiances to nation-states and actively participating in geopolitical conflicts comes as the distinction between hacktivists, cybercriminals, and nation-state actors continues to erode.

Hacktivist groups, such as SiegedSec, have been acting against the West by declaring allegiances to Russia and targeting Israel’s government infrastructure and Shufersal, the country’s largest supermarket chain.

The increasingly complex web of alliances and motives in the cyber realm means that nation-state actors, traditionally associated with espionage, are now engaging in economic crimes. North Korean state actors are this trend’s epitome, being responsible for a quarter of all global cryptocurrency thefts.

Meanwhile, Chinese state actors have gone to unprecedented lengths to conduct economic espionage and intellectual property theft. These actors routinely…

Source…

Researchers Reveal “Most Sophisticated” iMessage Exploit Targeting iPhones


Recently, the 37th Chaos Communication Congress took place in Hamburg, Germany. A team of cybersecurity experts, including Boris Larin from Moscow-based security firm Kaspersky, Leonid Bezvershenko, and Georgy Kucherin, were part of the congress. They uncovered a series of zero-day vulnerabilities in iPhones, exploited through iMessage. This “Operation Triangulation” presentation marked the first public revelation of these vulnerabilities and their exploitation methods.

Beware! Researchers Found iMessage Exploit

Reports claim that the attack, refined in its execution, starts with a seemingly harmless iMessage attachment. The attachment exploits CVE-2023-41990, a vulnerability in an undocumented TrueType font instruction, and triggers a chain of events without any observable signs to the user. The exploit uses advanced techniques, including return/jump-oriented programming and a multi-staged JavaScript exploit, to achieve deep access to the device’s system.

For all those unaware, a “zero-day exploit” is similar to finding a secret way into a computer program or any system that nobody else knows about. In the case of Apple, even the people who made the program do not know about it. It is pertinent to mention here that there is no protection against it yet. The name “zero-day” means that the program makers have had zero days to resolve the problem because they just found out about it.

The researchers also disclosed how the attack exploits the JavaScriptCore debugging feature and an integer overflow vulnerability (CVE-2023-32434) to get read/write access to the entire physical memory of the machine at the user level. This strategy allows the hackers to bypass the Page Protection Layer (PPL).

It’s pertinent to mention that these exploits were patched by Apple’s iOS software updates with iOS and iPadOS 15.7.8 for older devices and 16.6. The presentation also highlighted the exploit’s ability to support older and newer iPhone models, including a Pointer Authentication Code (PAC) bypass for the latest models. The exploit’s sophistication is further evidenced by its use of hardware memory-mapped I/O (MMIO) registers.

PTA…

Source…