In the latest study, researchers have made the first "generative AI worms" that can spread from one device to another, deploying malware or stealing data in the process.
Nassi, in collaboration with fellow academics Stav Cohen and Ron Bitton, developed the worm, which they named Morris II in homage to the 1988 internet debacle caused by the first Morris computer worm. The researchers demonstrate how the AI worm may attack a generative AI email helper to steal email data and send spam messages, circumventing several security measures in ChatGPT and Gemini in the process, in a research paper and website.
The study, conducted in test environments rather than on a publicly accessible email assistant, coincides with the growing multimodal nature of large language models (LLMs), which can produce images and videos in addition to text.
Prompts are language instructions that direct the tools to answer a question or produce an image. This is how most generative AI systems operate. These prompts, nevertheless, can also be used as a weapon against the system.
Prompt injection attacks can provide a chatbot with secret instructions, while jailbreaks can cause a system to ignore its security measures and spew offensive or harmful content. For instance, a hacker might conceal text on a website instructing an LLM to pose as a con artist and request your bank account information.
The researchers used a so-called "adversarial self-replicating prompt" to develop the generative AI worm. According to the researchers, this prompt causes the generative AI model to output a different prompt in response.
The researchers connected ChatGPT, Gemini, and open-source LLM, LLaVA, to develop an email system that could send and receive messages using generative AI to demonstrate how the worm may function. They then discovered two ways to make use of the system: one was to use a self-replicating prompt that was text-based, and the other was to embed the question within an image file.
A video showcasing the findings shows the email system repeatedly forwarding a message. Also, according to the experts, data extraction from emails is possible. According to Nassi, "It can be names, phone numbers, credit card numbers, SSNs, or anything else that is deemed confidential."
Nassi and the other researchers report that they expect to see generative AI worms in the wild within the next two to three years in a publication that summarizes their findings. According to the research paper, "many companies in the industry are massively developing GenAI ecosystems that integrate GenAI capabilities into their cars, smartphones, and operating systems."
As asserted by a major finding, researchers at the ATHENE National Research Center in Germany have identified a long-standing vulnerability in the Domain Name System (DNS) that could potentially lead to widespread Internet outages. This flaw, known as "KeyTrap" and tracked as CVE-2023-50387, exposes a fundamental design flaw in the DNS security extension, DNSSEC, dating back to 2000.
DNS servers play a crucial role in translating website URLs into IP addresses, facilitating the flow of Internet traffic. The KeyTrap vulnerability exploits a loophole in DNSSEC, causing a DNS server to enter a resolution loop, consuming all its computing power and rendering it ineffective. If multiple DNS servers were targeted simultaneously, it could result in extensive Internet disruptions.
A distinctive aspect of KeyTrap is its classification as an "Algorithmic Complexity Attack," representing a new breed of cyber threats. The severity of this issue is underscored by the fact that Bind 9, the most widely used DNS implementation, could remain paralyzed for up to 16 hours after an attack.
According to the Internet Systems Consortium (ISC), responsible for overseeing DNS servers globally, approximately 34% of DNS servers in North America utilise DNSSEC for authentication, making them vulnerable to KeyTrap. The good news is that, as of now, there is no evidence of active exploitation, according to the researchers and ISC.
To address the vulnerability, the ATHENE research team collaborated with major DNS service providers, including Google and Cloudflare, to deploy interim patches. However, these patches are deemed temporary fixes, prompting the team to work on revising DNSSEC standards to enhance its overall design.
Fernando Montenegro, Omdia's senior principal analyst for cybersecurity, commends the researchers for their collaborative approach with vendors and service providers. He emphasises the responsibility now falling on service providers to implement the necessary patches and find a permanent solution for affected DNS resolvers.
While disabling DNSSEC validation on DNS servers could resolve the issue, the ISC advises against it, suggesting instead the installation of updated versions of BIND, the open-source DNS implementation. According to the ISC, these versions address the complexity of DNSSEC validation without hindering other server workloads.
The ATHENE research team urges all DNS service providers to promptly apply the provided patches to mitigate the critical KeyTrap vulnerability. This collaborative effort between researchers and the cybersecurity ecosystem serves as a commendable example of responsible disclosure, ensuring that steps are taken to safeguard the stability of the Internet.
As the story unfolds, it now rests on the shoulders of DNS service providers to prioritise updating their systems and implementing necessary measures to secure the DNS infrastructure, thereby safeguarding the uninterrupted functioning of the Internet.
This indicates that the only entities that are kept from knowing what a user is browsing on incognito would be their family/friends who use the same device.
At heart, Google might not only be a mere software developer. It is in fact a business that is motivated through advertising, which requires it to collect information about its users and their preferences in order to sell them targeted advertising.
Unfortunately, users cannot escape this surveillance just by switching to incognito. In fact, Google is paying a sum of $5 billion to resolve a class-action lawsuit filed against them, accusing the company of betraying its customers regarding the privacy assurance they support. Google is now changing its description of Incognito mode, which will make it clear that it does not really protect the user’s privacy.
Developers can get a preview of what this updated feature exactly is, by using Chrome Canary. According to MSPowerUser, the aforementioned version of Chrome displayed a disclaimer when the user went Incognito, stating:
"You’ve gone Incognito[…]Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google."
(In the above statement, the text in bold is the new addition to the disclaimer.)
Chrome remains one of the popular browsers, even Mac users can use Safari instead. Privacy is just one of the reasons Apple fans should use Safari instead of Chrome.) However, there are certain websites that users would prefer not to get added to their Google profile which has the rest of their private information. Thus, users are recommended to switch to Safari Private Browsing, since Apple does not use Safari to track its users (it claims to).
Even better, use DuckDuckGo when you want to disconnect from the internet. This privacy-focused search engine and browser won't monitor or save the searches of its users; in fact, its entire purpose is to protect users' online privacy.
Recently, OpenAI and WHOOP collaborated to launch a GPT-4-powered, individualized health and fitness coach. A multitude of questions about health and fitness can be answered by WHOOP Coach.
It can answer queries such as "What was my lowest resting heart rate ever?" or "What kind of weekly exercise routine would help me achieve my goal?" — all the while providing tailored advice based on each person's particular body and objectives.
In addition to WHOOP, Summer Health, a text-based pediatric care service available around the clock, has collaborated with OpenAI and is utilizing GPT-4 to support its physicians. Summer Health has developed and released a new tool that automatically creates visit notes from a doctor's thorough written observations using GPT-4.
The pediatrician then swiftly goes over these notes before sending them to the parents. Summer Health and OpenAI worked together to thoroughly refine the model, establish a clinical review procedure to guarantee accuracy and applicability in medical settings, and further enhance the model based on input from experts.
GPT Vision has been used in radiography as well. A document titled "Exploring the Boundaries of GPT-4 in Radiology," released by Microsoft recently, evaluates the effectiveness of GPT-4 in text-based applications for radiology reports.
The ability of GPT-4 to process and interpret medical pictures, such as MRIs and X-rays, is one of its main uses in radiology. According to the report, "GPT-4's radiological report summaries are equivalent, and in certain situations, even preferable than radiologists."a
Be My Eyes is improving its virtual assistant program by leveraging GPT-4's multimodal features, particularly the visual input function. Be My Eyes helps people who are blind or visually challenged with activities like item identification, text reading, and environment navigation.
Many people have tested ChatGPT as a therapist when it comes to mental health. Many people have found ChatGPT to be beneficial in that it offers human-like interaction and helpful counsel, making it a unique alternative for those who are unable or reluctant to seek professional treatment.
Both Google and Apple have been employing LLMs to make major improvements in the healthcare business, even before OpenAI.
Google unveiled MedLM, a collection of foundation models designed with a range of healthcare use cases in mind. There are now two models under MedLM, both based on Med-PaLM 2, giving healthcare organizations flexibility and meeting their various demands.
In addition, Eli Lilly and Novartis, two of the biggest pharmaceutical companies in the world, have formed strategic alliances with Isomorphic Labs, a drug discovery spin-out of Google's AI R&D division based in London, to use AI to find novel treatments for illnesses.
Apple, on the other hand, intends to include more health-detecting features in their next line of watches, concentrating on ailments like apnea and hypertension, among others.
The decision came from the department of telecommunications (DoT), which also contacted internet service providers to block access to both the apps’ websites.
Singapore-based Airalo and Spain-based Holafly are providers of eSIMs for a number of countries and regions. eSIMs are digital SIMs that enable users to activate a mobile plan with one’s network provider without using a physical SIM card.
In India, a company require no objection certificate (NoC) from DoT to sell foreign SIM cards.
Apparently, DoT instructed Apple and Google to remove Holafly and Airalo from their apps because they lacked the necessary authorization or NoC.
The apps are now unavailable in Google PlayStore, however were found on Apple’s AppStore as of January 5.
According to a government source, Apple was in talks to remove the apps.
The apps are still accessible for users in other regions but have been blocked for Google and Apple users in India.
Organizations that plan on selling SIM cards from other countries must obtain a NOC from the DoT. According to DoT's 2022 policy, these SIM cards provided to Indian customers are solely meant to be used abroad.
The authorized dealers will need to authenticate clients with copies of their passports, visas, and other supporting documentation before they sell or rent these SIMs.
Also, the SIM providers need to provide details of global SIMs to security agencies every month.
Rules for Selling International SIMs in India/ Users can activate mobile plans using an eSIM in place of a physical SIM card. eSIMs are offered by Holafly and Airalo in a number of nations. Companies who intend to sell international SIM cards in India are required by DoT policy 2022 to obtain a NOC and to sell SIM cards only for use outside of the nation. Authorized merchants are required to use their passport, visa, and other necessary documents to confirm the identity of their consumers. These sellers also have to give security agencies regular updates on foreign SIMs.
The Indian Computer Emergency Response Team (CERT-In) has discovered security flaws in high-profile smartphone brands, including Samsung, Apple, and Google Pixel devices. After carefully analyzing these devices' security features, CERT-In has identified certain possible weaknesses that can jeopardize user privacy and data.
The CERT-In advisory highlights significant concerns for iPhone users, indicating a security flaw that could be exploited by malicious entities. This revelation is particularly alarming given Apple's reputation for robust security measures. The advisory urges users to update their iOS devices promptly, emphasizing the critical role of regular software updates in safeguarding against potential threats.
Samsung and Google Pixel phones are not exempt from security scrutiny, as CERT-In identified vulnerabilities in these Android-based devices as well. The CERT-In advisory underscores the importance of staying vigilant and promptly applying security patches and updates provided by the respective manufacturers. This is a reminder that even leading Android devices are not immune to potential security risks.
The timing of these warnings is crucial, considering the increasing reliance on smartphones for personal and professional activities. Mobile devices have become integral to our daily lives, storing sensitive information and facilitating online transactions. Any compromise in the security of these devices can have far-reaching consequences for users.
As cybersecurity threats continue to evolve, both manufacturers and users need to prioritize security measures. CERT-In's warnings underscore the need for proactive steps in identifying and addressing potential vulnerabilities before they can be exploited by malicious actors.
In response to the CERT-In advisory, Apple and Samsung have assured users that they are actively working to address the identified security flaws. Apple, known for its commitment to user privacy, has pledged swift action to resolve the issues outlined by CERT-In. Samsung, too, has expressed its dedication to ensuring its users' security and promised timely updates to mitigate the identified risks.
The conflict between tech behemoths Google and Apple and Fortnite creator Epic Games is a ground-breaking antitrust lawsuit that has rocked the app ecosystem. An important turning point in the dispute occurred when a jury decided to support the gaming behemoth over Google after Epic Games had initially challenged the app store duopoly.
The core of the dispute lies in the exorbitant fees imposed by Google and Apple on app developers for in-app purchases. Epic Games argued that these fees, which can go as high as 30%, amount to monopolistic practices, stifling competition and innovation in the digital marketplace. The trial has illuminated the murky waters of app store policies, prompting a reevaluation of the power dynamics between tech behemoths and app developers.
One of the key turning points in the trial was the revelation of internal emails from Google, exposing discussions about the company's fear of losing app developers to rival platforms. These emails provided a rare glimpse into the inner workings of tech giants and fueled Epic Games' claims of anticompetitive behavior.
The verdict marks a significant blow to Google, with the jury finding in favor of Epic Games. The decision has broader implications for the tech industry, raising questions about the monopolistic practices of other app store operators. While Apple has not yet faced a verdict in its case with Epic Games, the outcome against Google sets a precedent that could reverberate across the entire digital ecosystem.
Legal experts speculate that the financial repercussions for Google could be substantial, potentially costing the company billions. The implications extend beyond financial penalties; the trial has ignited a conversation about the need for regulatory intervention to ensure a fair and competitive digital marketplace.
Industry observers and app developers are closely monitoring the fallout from this trial, anticipating potential changes in app store policies and fee structures. The ruling against Google serves as a wake-up call for tech giants, prompting a reassessment of their dominance in the digital economy.
As the legal battle between Epic Games and Google unfolds, the final outcome remains years away. However, this trial has undeniably set in motion a reexamination of the app store landscape, sparking debates about antitrust regulations and the balance of power in the ever-evolving world of digital commerce.
Tim Sweeney, CEO of Epic Games, stated "this is a monumental step in the ongoing fight for fair competition in digital markets and for the basic rights of developers and creators." In the coming years, the legal structure controlling internet firms and app store regulations will probably be shaped by the fallout from this trial.
Users of Google Android and Apple iPhone smartphones have recently received a vital warning to immediately remove certain apps from their devices. The programs that were found to be potentially dangerous have been marked as posing serious concerns to the security and privacy of users.
The alarming revelation comes as experts uncover 17 dangerous apps that have infiltrated the Google Play Store and Apple App Store, putting millions of users at risk of malware and other malicious activities. These apps, primarily disguised as loan-related services, have been identified as major culprits in spreading harmful software.
The identified dangerous apps that demand immediate deletion include:
According to a report by Forbes, the identified apps can compromise sensitive information and expose users to financial fraud. Financial Express also emphasizes the severity of the issue, urging users to take prompt action against these potential threats.
Google's Play Store, known for its extensive collection of applications, has been identified as the main distributor of these malicious apps. A study highlights the need for users to exercise caution while downloading apps from the platform. The study emphasizes the importance of app store policies in curbing the distribution of harmful software.
Apple, recognizing the gravity of the situation, has announced its intention to make changes to the App Store policies. In response to the evolving landscape of threats and the increasing sophistication of malicious actors, the tech giant aims to enhance its security measures and protect its user base.
The urgency of the situation cannot be overstated, as the identified apps can potentially compromise personal and financial information. Users must heed the warnings and take immediate action by deleting these apps from their devices.
The recent discovery of harmful programs penetrating well-known app shops serves as a sobering reminder of the constant dangers inherent in the digital world. Users need to prioritize their internet security and be on the lookout. In an increasingly linked world, it's critical to regularly check installed apps, remain aware of potential threats, and update device security settings.