Keep an eye on Digital ID attacks – your face ID can be exploited by malefactors
sUAS News, January 17, 2022
Researchers have learned how to find security vulnerabilities in camera systems on autonomous vehicles so that problems can be resolved.
According to Yan, an assistant professor of computer science and engineering, it all started when one day he broke a drone and contacted support. Drone repair support representatives became interested in what the drone was used for, and this project was born. The team was developing a very simple enemy attack. It exploits a vulnerability in camera systems that could allow a hacker to seize control of a drone from its pilot. Jan’s Safe and Intelligent Things Lab at the College of Engineering has made an interesting discovery by discovering how drones can be fooled. All that is required is to make them think they are heading for an obstacle. To do this, you need only two bright spots of light, for example, from searchlights or flashlights.
Yan and his colleagues are attacking products so their manufacturers can fix security problems. Thus, the research team is acting as part of a kind of white hacking, protecting both the manufacturer and future buyers.
Dark Reading, January 19, 2022
Today, it is absolutely no secret to anyone that deepfake technologies are developing at a tremendous speed, and after several waves of the pandemic, attackers have begun to use more and more sophisticated methods of attack, including impersonating others.
For example, today, in 2022, deepfake technology has become good enough that an attacker can fake a video with the identity of a person in order to obtain the desired data or something else. In particular, the well-known phishing attacks have reached a new level, in which an attacker can now deceive his victims with the help of video and even a fake voice. There have already been cases when employees of large companies gave out confidential data to attackers, believing the veracity of a fake voice.
In addition to the fact that forged voices can now be extremely plausible, the success of such attacks lies in urgency – the employee often has to fulfill the request immediately, while it is impossible to verify the truth of the intentions of his manager (and in this case the attacker).
The article reveals several options for protecting against such attacks – while artificial intelligence itself can play a significant role in this issue. In addition, measures such as the use of blockchain, multi-factor authentication or signatures can also mitigate risks.
Enisa, January 20, 2022
Digital identity has been discussed in detail in two reports from the European Union Cybersecurity Agency (ENISA) – an analysis of self-sovereign identity (SSI) and a study of major face presentation attacks.
Today, it is critical that digital identities are securely secured for secure access to a variety of services that today are protected by smart identities. For example, this is relevant for services in the financial sector, e-commerce, delivery or transport platforms, telecommunications, and public administration services.
At the same time, the goal of the EU regulation on electronic identification and trust services, or eIDAS Regulation, is to provide a common framework for protecting electronic transactions between citizens, businesses and government agencies.
At the same time, the main objectives of the eIDAS regulation are to ensure the security of electronic identification and authentication in cross-border online services offered in member states. The new SSI Sovereign Identity technology is detailed in the reports and discusses possible ways to enhance security measures in the use of data in connection with these technologies. The remote identity verification report builds on the previous ENISA remote identity verification report. It analyzes the various methods used for remote identity verification.
More details about the new reports can be found at the link.
Subscribe for updates
Stay up to date with what is happening! Get a first look at news, noteworthy research and worst attacks on AI delivered right in your inbox.