Connect with us

Technology

Microsoft AI Has the Potential to Become an Automated Phishing Scheme

Published

on

Microsoft sped up to integrate generative AI into its core systems. The company’s Copilot AI technology can retrieve responses from your emails, Teams chats, and files when you ask questions regarding an upcoming meeting, which might be quite helpful in terms of efficiency. However, hackers may also take advantage of these very procedures.

Researcher Michael Bargury is showcasing five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, like Word, can be manipulated by malicious attackers today at the Black Hat security conference in Las Vegas. These ways include using it to provide false references to files, exfiltrate some private data, and evade Microsoft’s security measures.

Arguably, one of the most concerning demonstrations is Bargury’s capacity to transform the AI into an autonomous spear-phishing apparatus. Known as LOLCopilot, the red-teaming code that Bargury developed can, crucially, be used by hackers to see who you regularly email, draft a message that mimics your writing style (including the use of emojis), and send a customized blast that may contain malware or a malicious link once they have access to a target’s work email.

Cofounder and CTO of security firm Zenity Bargury says, “I can do this with everyone you have ever spoken to, and I can send hundreds of emails on your behalf.” Bargury released his research along with videos demonstrating how Copilot may be misused. “A hacker would spend days crafting the right email to get you to click on it, but they can generate hundreds of these emails in a few minutes.”

This example, like other assaults developed by Bargury, primarily operates by utilizing the large language model (LLM) as intended: inputting written queries to obtain information that the AI can acquire. Nevertheless, if it contains extra information or commands to carry out certain tasks, it may have harmful effects. A few of the difficulties in integrating AI systems with corporate data are brought to light by the research, along with the potential consequences of incorporating “untrusted” external data, especially when the AI produces results that appear legitimate.

Among the other assaults that Bargury designed is an example of how a hacker might obtain sensitive data, like people’s salaries, without inadvertently triggering Microsoft’s defenses for sensitive files. This hacker, of course, must first have gained control of an email account. Bargury’s prompt requests that the system not give references to the files from which the data is extracted. Bullying occasionally does assist, according to Bargury.

In other cases, he demonstrates how an attacker can modify responses regarding banking information to reveal their own bank details. This attacker doesn’t have access to email accounts, but instead taints the AI’s database by sending it a malicious email. According to Bargury, “Every time you give AI access to data, that is a way for an attacker to get in,” 

Another example demonstrates how an outside hacker could obtain certain restricted knowledge regarding the potential success or failure of an impending corporate earnings call. The last example, according to Bargury, transforms Copilot into a “malicious insider” by sending users to phishing websites.

Microsoft’s head of AI incident detection and response, Phillip Misner, said the company has been collaborating with Bargury to evaluate the findings and is grateful that he discovered the issue. According to Misner,  “The risks of post-compromise abuse of AI are similar to other post-compromise techniques,” “Security prevention and monitoring across environments and identities help mitigate or stop such behaviors.”

In the last two years, generative AI systems have advanced to the point where, like Google’s Gemini, Microsoft’s Copilot, and OpenAI’s ChatGPT, they may ultimately perform human-like jobs like making reservations for events or making online purchases. But as security experts have shown time and time again, letting outside data into AI systems—for example, by email or by reading content from websites—raises the possibility of indirect trigger injection and poisoning attacks.

As a security researcher and red team director who has widely shown security flaws in AI systems, Johann Rehberger adds, “I think it’s not that well understood how much more effective an attacker can actually become now.” “What we have to be worried [about] now is actually what is the LLM producing and sending out to the user.”

Rehberger cautions in general that a number of data problems may be traced back to the long-standing issue of businesses permitting an excessive number of employees to view files and failing to properly arrange access permissions throughout their enterprises. Rehberger continues, “Now imagine you put Copilot on top of that problem.” He claims to have employed AI systems to look up popular passwords like Password123, and that the algorithms have produced findings from within businesses.

Rehberger and Bargury agree that monitoring the output that an AI generates and transmits to a user needs to be given greater attention. According to Bargury, “The risk is about how AI interacts with your environment, how it interacts with your data, how it performs operations on your behalf,” “You need to figure out what the AI agent does on a user’s behalf. And does that make sense with what the user actually asked for.”

Technology

Sony has Revealed the PlayStation 5, PS5 Pro, and a Limited Edition PSOne-Style Device

Published

on

In the PlayStation video below, the collection was unveiled along with a limited-edition DualSense, DualSense Edge, and PlayStation Portal. All products will be available for preorder starting on September 26 and will ship on November 21.

There are just 12,300 PS5 Pro bundles available worldwide, making it probably the most limited edition. Included in the bundle are the DualSense Edge controller and case in the iconic PlayStation design, along with the PS5 Pro itself, a vertical stand, a charging station, and other accessories. Along with four cable ties designed in the image of the sacred symbols, an original PlayStation controller-style cable connector, a sticker, poster, and paperclip are also included.

The PlayStation 5 Slim Digital Edition is the other console that is available; however, if you want to utilize discs on the retro-themed console, you will still need to purchase a matching disc drive cover. Along with four cable ties designed to resemble sacred symbols, a sticker, poster, paperclip, and the original PlayStation controller-style cable connector, it also includes a standard DualSense controller and a vertical stand.

Sony withheld the pricing of any of the collection’s products, but enthusiasts who aren’t willing to shell out a lot of cash will be glad to hear that the DualSense controller and DualSense Edge will be sold individually.

As stated on the PlayStation Blog, preorders will be accessible to PlayStation Network account holders via PlayStation Direct on September 26. Additionally, between September 26 and October 10, participating shops will be taking preorders for the DualSense controller and the PS5 Digital Edition. On September 26, those who wish to preorder PlayStation Direct in nations where it is not accessible can do so at participating retailers.

At a technical conference on September 10, PlayStation unveiled the PS5 Pro and its $699.99 price tag. Those who like to use discs and stand their PS5 Pro upright will have to shell out approximately $805 since the regular model does not come with a disc drive or vertical stand.

Continue Reading

Technology

Google experiments with Android tablets’ desktop windowing

Published

on

Google is testing a new feature for Android tablets that would allow you to easily rearrange apps on your screen and resize them, which will facilitate multitasking. Developer previews of the “desktop windowing” functionality are now accessible, and you can even run multiple instances of the app simultaneously if they support it.

At the moment, Android tablet apps always open in full screen mode. Each program will show up in a window with controls to let you move, maximize, or close it when the new mode is enabled. Moreover, your open programs will be listed in a taskbar at the bottom of the screen.

It sounds a lot like Stage Manager for the iPad, which allows you to do the same with windows on your screen, or with almost any desktop operating system. For years, Samsung has also provided its DeX experience, which gives Android apps on Galaxy phones and tablets desktop-like window management.

When the functionality becomes available to all users, you may activate it by tapping and holding the window handle located at the top of an application’s screen. The shortcut meta key (Windows, Command, or Search) + Ctrl + Down can also be used to enter desktop mode if a keyboard is connected. (You can drag a window to the top of your screen to dismiss the mode, or you can close all of your open apps.)

Apps that are locked to portrait orientation can still be resized, according to Google, which could have odd visual effects if some apps aren’t optimized. Google intends to fix this in a later release, though, by scaling non-resizable apps’ user interfaces without changing their aspect ratios.

For the time being, users with the most recent Android 15 QPR1 Beta 2 for Pixel Tablets can access the developer preview.

Continue Reading

Technology

Sony Faces Backlash for Pricing PlayStation 5 Pro Well Above Xbox

Published

on

Sony Group Corp. has set the price of its new, faster PlayStation 5 Pro at $700, significantly higher than Microsoft’s Xbox Series X, which costs $600. The PlayStation 5 Pro, launching on November 7, comes at a $200 premium over the original PS5, suggesting Sony is targeting a loyal audience willing to pay extra for enhanced performance.

This pricing positions both Sony and Microsoft at the high end of the gaming console market. Four years into their product life cycles, the two most popular home consoles are moving towards premium models. Analysts are split on whether Sony’s pricing strategy will drive sales, especially as it seeks to grow its entertainment portfolio across gaming, anime, and film.

Industry analyst Serkan Toto described the PlayStation 5 Pro as a niche device aimed at hardcore PlayStation users, rather than a mass-market offering. “It’s about Sony skimming the absolute top end of the market,” he said, with the gaming world questioning Sony’s high pricing.

Others speculate that Sony’s pricing strategy is aimed at boosting margins, particularly after recent price hikes in Japan due to rising component costs like chips. The new console will allow for higher resolution and faster frame rates without requiring users to switch between performance modes, delivering 45% faster rendering than the standard PS5, according to lead architect Mark Cerny.

Despite the steep price, some analysts believe Sony could benefit. Citi analyst Kota Ezawa pointed out that no previous game console successor has been priced significantly higher than the original model, and that the PS5 Pro’s improved components may not justify such a big price jump. Nevertheless, the higher price could enhance Sony’s gross margins.

The PlayStation 5, which has sold over 59 million units since its 2020 release, has slightly lagged behind the PlayStation 4. The increased cost of the PS5 Pro may narrow its appeal, as the price edges closer to that of a gaming PC—one of the console market’s biggest competitors.

Reviewers also highlighted the lack of a disc drive in the new model, reflecting a broader industry shift from physical media to digital content. A disc drive will be available separately for purchase.

In a blog post, Sony announced that the PS5 Pro would enhance the performance of older titles, with several popular games such as Hogwarts Legacy, Final Fantasy VII Rebirth, and Spider-Man 2 receiving free updates to take advantage of the console’s new features.

Continue Reading

Trending

error: Content is protected !!