Malwarebytes researchers noted that vulnerable VMware ESXi virtual machines impacted with the updated ESXiArgs ransomware could not be decrypted with the data recovery script issued by the …
OpenAI’s ChatGPT conversational artificial intelligence tool is capable of doing many things, with users demonstrating how it can write essays for students and cover letters for job seekers. Cybersecurity researchers have now shown it can also be used to write malware.
In recent years, cybersecurity vendors have used AI in products such as advanced detection and response to look for patterns in attacks and deploy responses. But recent demonstrations from CyberArk and Deep Instinct have shown that ChatGPT can be used to write simple hacking tools, perhaps pointing to a future in which criminal organizations use AI in an arms race with the good guys.
FEDERAL AGENCIES FAILED AT CYBERSECURITY MEASURES, GOVERNMENT WATCHDOG FINDS
OpenAI has designed ChatGPT to reject overt requests to do something unethical. For example, when Deep Instinct threat intelligence researcher Bar Block asked the AI to write a keylogger, ChatGPT said it would not be “appropriate or ethical” to help because keyloggers can be used for malicious purposes.
However, when Block rephrased the request, asking ChatGPT to give an example of a program that records keystrokes, saves them to a text file, and sends the text file to a remote IP address, ChatGPT happily did so. By asking ChatGPT to give an example of a program that takes a list of directories and encrypts the information in them, Block was also able to get ChatGPT to give her an example of ransomware.
However, in both cases, ChatGPT left some work for her to do before getting a functioning piece of malware. It appears “that the bot provided inexecutable code by design,” Block wrote in a blog post.
“While ChatGPT will not build malicious code for the everyday person who has no knowledge of how to execute malware, it does have the potential to accelerate attacks for those who do,” she added. “I believe ChatGPT will continue to develop measures to prevent this, but … there will be ways to ask the questions to get the results you are looking for.”
In coming years, the future of malware creation and detection “will be tangled…
Across the US, countless buildings, from government offices to your next hotel room door, are protected by RFID-controlled locks. On a recent trip to my office, I passed nearly 20 of these keyless entry systems, which are among the most pervasive in the world. But a playful palm-sized gadget with a Tamagotchi-like interface can likely thwart the locks on many of these doors.
The $200 device is called Flipper Zero, and it’s a portable pen-testing tool designed for hackers of all levels of technical expertise. The tool is smaller than a phone, easily concealable, and is stuffed with a range of radios and sensors that allow you to intercept and replay signals from keyless entry systems, Internet of Things sensors, garage doors, NFC cards, and virtually any other device that communicates wirelessly in short ranges. For example, in just seconds, I used the Flipper Zero to seamlessly clone the signal of an office RFID badge tucked safely inside my wallet.
If you had only heard about Flipper Zero through TikTok, where the tool has gone viral, you might think that it was a toy that could make ATMs spit out money, cars unlock themselves, and gas spill out of pumps for free. I spent the last week testing one to determine whether the world was as vulnerable to Flipper Zero as social media made it out to be. What I found was mixed: Many of the most dramatic videos posted to TikTok are likely staged—most modern wireless devices are not susceptible to simple replay attacks—but the Flipper Zero is still undeniably powerful, giving aspiring hackers and seasoned pen-testers a convenient new tool to probe the security of the world’s most ubiquitous wireless devices.
In reviews, people liken Flipper Zero to a Swiss Army knife for physical penetration testing. But in my week testing Flipper Zero, it felt more like a blacklight—something I could literally hold up to a device that would reveal information, invisible to the human eye, about how it worked, what data it was emitting, and how often it was doing so.
Here’s a brief list of some things I’ve learned with the help of Flipper Zero this week: Some animal microchips will tell you the body temperature of your pet. My neighbor’s…
Apple has been working hard to increase the security of its operating systems and devices, and this has been proven considering that hackers had a hard time creating a jailbreak tool for iOS 15. But those who are enthusiastic about modifying iOS can now celebrate, as the palera1n team has released a jailbreak tool compatible not only with iOS 15 but also with iOS 16.
For those unfamiliar, the jailbreak process removes software restrictions on iOS devices so that the user can access and modify system files, which enables all kinds of modifications such as tweaks, themes, and sideloading of apps outside of the App Store. Apple, of course, has always stood against the process of jailbreaking its devices.
The palera1n jailbreak is based on checkm8, an exploit discovered back in 2019. The exploit is considered “unpatchable” since it was found in the bootrom of Apple’s chips from the A5 to the A11 Bionic. Of course, Apple can change other parts of the system to prevent hackers from taking advantage of this exploit, but the company can’t do anything to fix it permanently on older devices.
According to the developers behind the new jailbreak tool, it works with any version of the operating system from iOS 15.0 to iOS 16.2, which was released this week for users. It’s unclear whether the tool also works with the recently released iOS 16.3 beta.
However, it’s worth noting that the list of devices affected by the checkm8 exploit that can also run iOS 16 is not a long one. So these are the iPhone and iPad models that can be jailbroken with palera1n on iOS 16:
The team warns that the jailbreak tool is still experimental and developer-focused. The process is still quite complex and requires a computer with Linux or Mac. Another thing to keep in mind is that only a few tweaks are compatible with iOS 16 at this…