AI presents people and companies with benefits and risks

SMART Access & Identity 2023 Editor's Choice

Artificial intelligence (AI) and all its derivatives have become a staple in the news over the past few years. Just like video analytics in its early stages, AI promoters oversold the benefits and the technology generally failed to deliver on its promises.

Times have changed though, and AI capabilities have advanced significantly, with even more dramatic advances in the pipeline. In the access control and identity management markets, AI has only recently been seen as a boon to access control with its ability to manage secure access in both the physical and digital worlds. This trend will only continue to grow, although slowly as physical access control installations tend to have a longer lifespan than other technologies. The most development we will see is in integrating access and building management technologies.

In the digital access and identity management world, AI has moved much faster in areas such as facial recognition, even via a mobile. These advances will only continue, including identification at a distance via surveillance cameras as well as behavioural recognition and identification – technologies that have already been developed and deployed. Big Brother will be watching closer than ever in future.

So, while AI will have many positive benefits that will enhance not only the access and identification markets, operational efficiency and situational awareness beyond human capabilities, we will also see the technologies used to create and deploy some of the most dangerous cyber threats.

Following are two opinions on the latest AI newsmaker, the ChatGPT chatbot. Many people have been victimised by companies claiming their chatbots provide support to customers, much to the frustration of said customers when they discover the AI is only used to keep people from talking to a real person and getting their problems or questions resolved. By all accounts, this chatbot is the real thing, using deep learning techniques to generate text and conversations often indistinguishable from those created by actual humans. It has taken the news world by storm and is gaining a lot of attention, while also feeding its own learning algorithms with all the people ‘playing’ with it.

In the world of access control, the abilities of ChatGPT present a real threat to individuals and companies already struggling to defend access and identity against phishing attacks.

Cybersecurity dangers behind impressive new technology

By Anna Collard, SVP content strategy & evangelist at KnowBe4 Africa.

Anna Collard.

It is now possible to use a publicly available artificial chatbot to generate a complete infection chain, possibly beginning with a spear phishing email written in entirely convincing human-like language and eventually causing a complete takeover of a company’s computer systems.

Researchers at Checkpoint recently created such a plausible phishing email as a test. They only used ChatGPT, a chatbot that uses deep learning techniques to generate text and conversations that can convince anyone that a real person wrote it.

In reality, there are many potential cybersecurity dangers wrapped up in this impressive technology, developed by OpenAI and currently available online free.

Here are just a few of them:

1. Social engineering: ChatGPT’s powerful language model can be used to generate realistic and convincing phishing messages, making it easier for attackers to trick victims into providing sensitive information or downloading malware.

2. Scamming: The generation of text through ChatGPT’s language models allows attackers to create fake ads, listings and many other forms of scamming material.

3. Impersonation: ChatGPT can be used to create a convincing digital copy of an individual’s writing style, allowing attackers to impersonate their target in a text-based setting, such as in an email or text message.

4. Automation of attacks: ChatGPT can also be used to automate the creation of malicious messages and phishing emails making it possible for attackers to launch large-scale attacks more efficiently.

5. Spamming: The language model can be fine-tuned to produce large amounts of low-quality content, which can be used in a variety of contexts, including as spam comments on social media or in spam email campaigns.

All five points above are legitimate threats to companies and all Internet users that will only become more prevalent as OpenAI continues to train its model.

If the list above managed to convince you, the technology succeeded in its purpose, although in this instance not with malicious intent. ChatGPT wrote all the text from points one to five with minimal tweaks for clarity. The tool is so powerful it can convincingly identify and word its own inherent dangers to cybersecurity.

However, there are mitigating steps individuals and companies can take, including new-school security awareness training. Cybercrime is moving at light speed. A few years ago, cybercriminals used to specialise in identity theft, but now they take over your organisation’s network, hack into your bank accounts, and steal tens or hundreds of thousands of rand.

An intelligent platform like ChatGPT created with the best intentions, only adds to the burden on Internet users to always stay vigilant, trust their instincts and always know the risks involved in clicking on any link or opening an attachment.

A marvel for some, a cybersecurity threat for most

By Stephen Osler, co-founder and business development director at Nclose.

Stephen Osler.

Companies are lining up to invest in ChatGPT, but what risks come with this ingenious tool for creating human-like text?

Microsoft is reportedly investing $10 billion in OpenAI, the owner of the somewhat controversial large language model chatbot ChatGPT. It uses a deep learning technique to generate text and conversations often indistinguishable from those created by actual humans.

ChatGPT has dazzled amateurs and industry experts ever since its launch at the end of November last year. Given a prompt, ChatGPT can answer complex questions, provide suggestions and even debug programming code all while sounding extremely human.

It is very hard to believe a machine-learning algorithm created the text. Prompted with the question of how it works, ChatGPT explained it uses “a large dataset of text” so that it has “knowledge about a wide range of topics and can respond to a wide variety of questions and prompts”.

On the surface, this might sound like an amazing invention that can be used to explain complex concepts in simple terms. Brainstorm creative ideas, or even automate certain actions like customer support, write memos or keep minutes of meetings. However, it also poses a serious threat to cybersecurity.

Because ChatGPT can be used to write code, malicious actors have already started using it to build malware, sites on the dark web and other tools for enacting cyberattacks. Someone with no prior knowledge of coding can theoretically use ChatGPT to produce dangerous malware. OpenAI, the developer of ChatGPT, gave assurances that it has put restrictions in place to restrict the use of the bot to create malware, but on various online forums, users are boasting about still being able to find workarounds.

The average Internet user can do little to stop these actors from creating malicious software using ChatGPT. It just means that everyone should be extra vigilant of possible malware attacks.

The risk is especially prevalent in phishing emails, a method often used by criminals to serve malware embedded within links or attachments. Usually, poor spelling and incoherent grammar are the most telling traits of a scam email. “Everyone knows to be on the lookout for dodgy wording in an email and then to never click on links or open attachments in such emails, but ChatGPT brings with it a new threat: perfectly written, human-sounding emails that can be very, very convincing.”

This means a bad actor can ask ChatGPT to write a perfectly harmless-looking email that can either contain a link that downloads a malicious file or convinces the reader to supply compromising information like login details.

Cybercriminals have gotten very good at convincing the untrained eye that they are trustworthy. With the advent of ChatGPT it will become even harder to spot the fakes from the real deal. Internet users should always double, no triple check, if the recipient of an email is indeed the correct one. Always make sure you are receiving from and sending an email to the correct recipients.

Legitimate email address is something that an AI language bot like ChatGPT cannot fake. At least not yet.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Top seven trends for the security industry
Hikvision South Africa Editor's Choice
Expect security systems to become even more deeply integrated and comprehensive, expanding with capabilities that are now shouldering tasks that are more intelligent, to improve efficiency in security as well as other operational functions.

From the editor's desk: Drive to survive
Technews Publishing News
Nobody is surprised by the horrible driving habits of many people on South Africa’s roads. Lack of policing, except when collecting money, and the related overall acceptance and encouragement by government ...

AI’s take on physical security trends
Technews Publishing Editor's Choice
In Issue 1 every year, Hi-Tech Security Solutions looks at expected trends in the security industry, incorporating views from different sources. This year is no different, except we have a new contributor, ChatGPT from OpenAI.

HID Technology Seminar
Technews Publishing HID Global News Access Control & Identity Management Products
HID Global’s technology seminar introduced partners and distributors to the company’s new Signo range of readers and highlighted the benefits and global growth of mobile access credentials.

Celebrating a successful year
Gallagher Technews Publishing News Access Control & Identity Management Products
Gallagher Security hosted an end-of year event at the Steyn City Equestrian Centre in which it thanked its partners for another successful year and provided a glimpse into what the company will be releasing in 2023.

Developing an effective CCTV control room culture
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
Organisational culture in organisations can be seen as the set of values, practices, focus, standards and behaviours, and ways of interacting with others that are accepted and subscribed to by the people who work there.

Women in Security
Technews Publishing Editor's Choice News
Hi-Tech Security Solutions together with ASIS International’s South Africa Chapter, will be focusing on women working within the South African physical security services and information technology sectors during 2023.

Innovation and service, 37 years and counting
Technews Publishing Impro Technologies Access Control & Identity Management Integrated Solutions
Innovation, simplicity and trust underpin the nearly 40 years of success of local access control brand, Impro Technologies, which is still run as an independent entity despite being acquired by ASSA ABLOY in 2016.