[The Two Faces of AI] ① Deceiving as Security Experts... IP Cameras Hacked in an Instant

# When asked ChatGPT to find vulnerabilities in IP camera program code, it responded within 3 seconds. Next, it was asked to create malicious code to exploit these vulnerabilities. When asked directly, it refused to answer, so a slight deception was used. The questioner introduced themselves as a security expert and persuaded that the purpose was to fix the vulnerabilities. Then, it willingly provided the malicious code. Running the code displayed the IP camera footage on the PC screen. Within about an hour, someone's daily life was compromised. Park Se-jun, CEO of the security startup Theory, which demonstrated this, explained, "What could take a month depending on skill level was done instantly by ChatGPT," adding, "If you have some domain knowledge, it can be misused."

With the rise of generative AI, our digital security is under threat. AI is being used to write malicious code or phishing emails as if it were doing tasks on our behalf. The AI itself, trained on vast data, can also become a target. In such cases, various data can be leaked, or systems connected to the AI can be paralyzed. Like the movie Terminator, AI could become the most threatening entity to security.

[Image source=Pixabay]

First, AI can be used as a hacking tool. If you ask ChatGPT how to gain website administrator privileges, it can help hijack the homepage. After accessing with admin rights, user information can be viewed. If you request malicious code to encrypt the system, it can take down the homepage. It disables the existing homepage data so it cannot be recognized. Phishing emails that induce installing malicious software (SW) can also be convincingly created. Instead of awkwardly translated phrases like "Dear OO," the email can be written as if from a job applicant who saw the recruitment notice. The day when financial fraud is committed through AI-generated deepfake videos and deepvoice audio is not far off.

Using AI lowers the entry barrier for cybercrime. Even novice hackers can more easily find vulnerabilities in targets and rapidly increase the scale of damage. Although the current level of hacking tools created by AI is not high, sophistication is only a matter of time.

Until now, hacking was considered a domain difficult for AI to conquer. AI learns probabilistic patterns close to correct answers from existing data, whereas hackers must understand existing systems well but find patterns that deviate from them. However, now AI can be leveraged even in fields requiring some creativity. CEO Park said, "When attempting hacking with GPT 4.0 compared to GPT 3.5, accuracy improved significantly," adding, "At this rate of development, I think AI could carry out threatening attacks."

AI-related Security Threats
Photo by KISA

AI itself can also become a target. ChatGPT has learned from countless data floating on the web. It is still acquiring questions posted by users worldwide. This includes confidential information from some companies. If the massive 'data dam' that is ChatGPT is attacked, confidential information can be leaked, and various connected systems can be paralyzed. This is why companies like Samsung and Apple have issued internal 'ChatGPT bans.'

Concerns are becoming reality. The Chinese hacker group 'Xiaoqiying' used AI earlier this year when attacking domestic academic institution websites. It is known they asked AI for hacking code and received answers. In the online community 'Dark Web' used by hackers, inquiries related to chatbots like ChatGPT surged from 120 in January to 870 in February this year. Most of the content shared methods to spread malicious programs using ChatGPT and others.

IT gurus have issued chilling warnings. Eric Schmidt, former CEO of Google, expressed concern, saying, "AI can be used for zero-day attacks," and "It poses an existential risk where many people could be hurt or killed." A zero-day attack refers to immediately exploiting security vulnerabilities found in core systems such as operating systems.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.