Tag Archive for: private

Sinister AI ‘eavesdropping’ trick lets ‘anybody read private chats’ on your Android or iPhone, security experts reveal

/in


CYBERCRIMINALS can spy on users’ conversations with artificial intelligence-powered chatbots, experts have warned.

Ever since ChatGPT came out in November 2022, cybersecurity experts have been concerned with the technology.

Criminals can spy on users’ conversations with AI chatbotsCredit: Getty

ChatGPT is an advanced chatbot that can seamlessly complete tasks like writing essays and generating code in seconds.

Today, several chatbots function like ChatGPT, including Google’s Gemini and Microsoft’s Copilot within Bing.

The chatbots are easy to use, and many users quickly get captivated into conversations with the natural-language companions.

However, experts have expressed concerns over users sharing personal information with AI chatbots.

ChatGPT can collect highly sensitive details users share via prompts and responses.

It can then associate this information with a user’s email address and phone number, and store it.

That’s because to use the platform, users need to provide both an email address and mobile phone number.

Users cannot bypass this by using disposable or masked email addresses and phone numbers.

Most read in Phones & Gadgets

As a result, ChatGPT is firmly tied to your online identity as it records everything you input.

What’s more, this private data can also be obtained by cybercriminals if they are keen enough.

ChatGPT creator reveals more creepy videos after announcing major change & fans are shocked by ‘cyborg’ German Shepherd

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, the head of the Offensive AI Research Lab at Israel’s Ben-Gurion University, told Ars Technica in an email.

“This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the internet — anyone who can observe the traffic.”

This is known as a “side-channel attack,” and it can be very dangerous for victims.

“The attack is passive and can happen without OpenAI or their client’s knowledge,” Mirsky revealed.

“OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the…

Source…

Hackers can access your private, encrypted AI assistant chats

/in


Facepalm: For some, AI assistants are like good friends whom we can turn to with any sensitive or embarrassing question. It seems safe, after all, because our communication with them is encrypted. However, researchers in Israel have discovered a way for hackers to circumvent that protection.

Like any good assistant, your AI knows a lot about you. It knows where you live and where you work. It probably knows what foods you like and what you are planning to do this weekend. If you are particularly chatty, it may even know if you are considering a divorce or contemplating bankruptcy.

That’s why an attack devised by researchers that can read encrypted responses from AI assistants over the web is alarming. The researchers are from the Offensive AI Research Lab in Israel, and they have identified an exploitable side-channel present in most major AI assistants that use streaming to interact with large language models, with the exception of Google Gemini. They then demonstrate how it works on encrypted network traffic from OpenAI’s ChatGPT-4 and Microsoft’s Copilot.

“[W]e were able to accurately reconstruct 29% of an AI assistant’s responses and successfully infer the topic from 55% of them,” the researchers wrote in their paper.

The initial point of attack is the token-length side-channel. In natural language processing, the token is the smallest unit of text that carries meaning, the researchers explain. For instance, the sentence “I have an itchy rash” could be tokenized as follows: S = (k1, k2, k3, k4, k5), where the tokens are k1 = I, k2 = have, k3 = an, k4 = itchy, and k5 = rash.

However, tokens represent a significant vulnerability in the way large language model services handle data transmission. Namely, as LLMs generate and send responses as a series of tokens, each token is transmitted from the server to the user as it is generated. While this process is encrypted, the size of the packets can reveal the length of the tokens, potentially allowing attackers on the network to read conversations.

Inferring the content of a response from a token length sequence is challenging because the responses can be several sentences…

Source…

Hackers can read private AI-assistant chats even though they’re encrypted

/in


Hackers can read private AI-assistant chats even though they’re encrypted

Aurich Lawson | Getty Images

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Token privacy

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client’s knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”

Source…

How to Enable Private DNS on Android Devices

/in


In today’s digital world, online privacy has become a crucial concern. While Android offers various security features, one often overlooked gem is the Private Domain Name System (DNS). This powerful tool encrypts your internet traffic, shielding your browsing activity from snooping eyes and boosting your overall online security.

Think of DNS as the internet’s phonebook, translating website names into computer-readable addresses. Traditionally, this process was unencrypted, leaving your browsing data exposed to your Internet Service Provider (ISP) or other third parties. Private DNS encrypts this communication, creating a secure tunnel for your internet requests, and adding a layer of privacy and protection.

Google has brought DNS over TLS support to Android by introducing the Private DNS feature. It’s available in Android 9 (Pie) and higher and encrypts all DNS traffic on the phone, including from apps.

The feature is enabled by default and uses a secure channel to connect to the DNS server if the server supports it. But if your ISP or cell service provider’s DNS doesn’t have encrypted DNS support, or you are simply not sure about it, you can use a third-party secure DNS server using the Private DNS feature.

The benefits of secure Private DNS include enhancement of privacy, improved security, and faster browsing. In this guide, we will show you how to activate this powerful feature on your Android device, step-by-step.

Source…