Google Pixel Phones Contain a Vulnerable Pre-Installed App

According to a recent report, Google Pixel devices shipped globally since September 2017 contain a severe vulnerability, latched within a pre-installed app. The application in question, Showcase.apk, can potentially expose millions of users to significant security risks. Researchers at iVerify discovered that this app has excessive system privileges. This enables it to remotely execute code and install arbitrary packages on the device.

Experts from other companies, including Palantir Technologies, and Trail of Bits state that the app poses considerable security risks for several reasons. First, it downloads a configuration file over an unprotected HTTP connection, making the file vulnerable to tampering. This allows attackers to execute code at the system level. The configuration file is downloaded from a single U.S.-based domain hosted on AWS, which further exacerbates the vulnerability. Also, the app is granted excessive privileges, which could have negative implications in certain scenarios, as discussed further.

Potential Exploitation Risks

The said APK file installs the Verizon Retail Demo Mode (“com.customermobile.preload.vzw”), a program developed by Smith Micro, a company specializing in enterprise software. In short, this app is designed to switch the devices into a showroom mode. It includes switching phones into demo mode, disabling certain features to prevent tampering or locking. This app requires nearly three dozen different permissions, including access to location and external storage. While the program itself is not inherently malicious – many companies use similar functionality – its implementation is somewhat different.

The main issue is that the app’s use of an unencrypted HTTP connection makes it vulnerable to “man-in-the-middle” (MitM) attacks. This could allow attackers to eavesdrop on the transferred data and inject their own Internet packages on the fly. This obviously opens gates to malicious code or spyware installation to the attacked device.

The good news is that the app is not enabled by default, meaning there is no potential attack surface unless it is activated. Despite the potential for abuse, there is currently no evidence that this vulnerability has been exploited in the wild. On the other hand, the app’s deep integration into the system firmware means users cannot uninstall it. At the same time, it could be activated if a threat actor gains physical access to the device and enables developer mode. Another possible case is when the phone may be vulnerable “out-of-box” is when one purchases a showroom stock device – large retailers often offer them at a nice discount, at the price of a used smartphone at times.

Google’s Response

Google responded to the research findings by stating that the vulnerability is not related to the Android platform or Pixel devices but rather to a package specifically developed for Verizon demo devices in stores. Additionally, Google emphasized that exploiting this app would require both physical access to the device and the user’s password. The company also noted that the app is not present on the latest Pixel 9 series devices and confirmed that it will be removed from all supported Pixel devices in a future software update. Showroom devices may need this software (or its equivalents) installed manually.

The post Google Pixel Devices Shipped with Vulnerable App appeared first on Gridinsoft Blog.

Fake Google Authenticator Downloading Page Promoted on Google Ads

On July 30, 2024 analysts noticed an advertisement on Google Search, that leads to a website mimicking the legit Google Authenticator downloading page. This is not the first ever abuse of a not ideal ad moderation in Google Ads, but this time frauds dare to fake Google itself. The exact scam advertisement uses fancy tricks that make the link in the ad look genuine. But upon clicking it, a chain of redirects is triggered, throwing the victim to chromeweb-authenticators.com website.

List of domains used in this scam

The website itself tries to copy the style of the original Authenticator page. It even contains links to genuine blog posts. What is different, however, is the presence of two tempting buttons that say “Download”. Thing is – Google never offered a desktop version of their MFA tool. And that is where the key part of the scheme happens.

Upon clicking any of two “Download” buttons, the site pulls the Authenticator.exe file from the GitHub repository. This way, hackers who stand behind the scheme prevent early detection: GitHub is considered safe, despite being used as a malware storage in a selection of attacks. But an unaware victim will confirm the download and run the fake Authenticator, launching the payload.

DeerStealer Inside of a Fake Google Authenticator

The payload is a sample of a rather new stealer malware, dubbed DeerStealer. It is rumored as a reworked variant of the XFiles infostealer, but that makes little to no difference for the user. Once the Authenticator.exe is running, it will launch the malicious payload via DLL hijacking. After that, DeerStealer effectively runs off-the-land, in the system memory, leaving no traces on the disk.

%SAMPLEPATH%\5d1e3b113e15fc5fd4a08f41e553b8fd0eaace74b6dc034e0f6237c5e10aa737.exe

Further, malware connects to one of several C2 addresses that it carries in the system memory, and sends the collected information. Aside from the stuff that is typical for infostealers – passwords, tokens, cryptowallets etc, it also collects a rather extensive system fingerprint: GUID, language, network configurations and computer name.

How to protect against malware scams?

The best protection against malware is to mitigate the problem proactively, so you won’t even get to the point when there is malware somewhere in your system. This, however, may be problematic: as you can see from the text above, threat actors have a lot of tricks to mess with people. That is why your attention, along with proper security software, is a key for avoiding malware infections.

Review sites you get the software from. Even if an ad from Google says the site is legit, it may be not, as you can see from this case. Always check the final URL, and, if not 100% sure, use trusted online URL scanner services. GridinSoft Online URL Scanner is a free service that will provide you with such capabilities.

Use reliable anti-malware software with proactive protection and network security. To avoid getting into next-level scams that are totally indistinguishable from legit sites, get yourself a protection that will detect such cases for you. GridinSoft Anti-Malware provides excellent protection against the most modern threats, and will cover you even during casual browsing.

The post Fake Google Authenticator Abuses Google Ads, Spreads Malware appeared first on Gridinsoft Blog.

Search Tabs for full information

Use Tabs introduced under the search bar if you need to get more complete information about the subject of the search. This advice may sound like a truism, however, there is still a significant amount of people who don’t use this function. If the object you are searching is quite popular, Google may offer you fresh news about it, as well as videos on YouTube.

Quotes for precise google searching

Sometimes, Google searching can disappoint you with useless results. Such a situation occurs when you are searching for a specific subject with a complex search query. When your search query looks like , the search engine will show you a lot of irrelevant or low-relevant websites, which, however, contain the majority of words of your query. Google tries to find the website where all words you typed are present, regardless of their order. But if you specify that you need to find an exact phrase by taking your search query into quotes (“ntoskrnl.exe error fix”), Google will try to find the phrase you inputted with a strict word order.

Hyphen to exclude excessive results

It’s quite a common case when your search queries have several commonly used meanings. For example, if you are googling for fast food images, you will see a lot of photos of full bunch of different fast food dishes. However, you are likely searching for other pics – without fries, for example. To avoid any results with fries during Google searching, add an unwanted adjective/subject to your search query, dividing it with the “-” symbol after the initial part of the query (fast food -fries).

Specify the websites you need

Imagine that you may need an article/deal from a specific website. It’s quite hard to find this post manually on this site. Google will show you a lot of different materials following this theme, but missing the website you need. To force the search engine to show you the results from the exact website, enter the site name in the search bar, using the following syntax:

Asterisk wildcard to uncover the forgotten words

I think everyone was in the situation when you want to find the song by a single line, but don’t remember several words of this line. There are no chances to find the song without any tricks – Google searching mechanisms will show you everything despite the song you need. To solve such a problem, enter the search query with the asterisk symbol substituting the forgotten words.

Google searching by the time period

Google searching about some events that took place in a specific period of the past is possible without this advice but will take much more time. For example, you need to find the list of prime ministers of the UK in the 90s. Usually, you search for the Wikipedia article that contains this information and then scroll down to the period you need. But if you will google “UK Prime Ministers 1990..”(exactly with 2 dots after the lower timeline border), you will see this list at the top of the results window. By analogy, you may search for something that was before the specified period, by simply adding 2 dots before the upper timeline border (..1990).

Professional slang for professional help

You may notice that Google will show you different forums or other low-trustworthy resources if you google something like “my chandelier is blinking constantly”. Of course, it is unlikely that you will get good advice on the mentioned resources. But it can be solved easily: just try to use more formalized vocabulary to form your search query: “repair the blinking chandelier”.

This is not a full list of hints that are embedded in the Google search engine. But these are the most useful and will surely help you to find exactly what you need. If you like this article, and this advice helped you with your queries, please, share it with your friends or on social networks.

The post Google Tricks For Better Searching appeared first on Gridinsoft Blog.

Mandiant has lost control of its X/Twitter account

Early this morning Eastern Time, cybersecurity company Mandiant’s account on the social network X (formerly Twitter) was taken over by unnamed hackers. However, Mandiant later regained control of its account after a six-hour breach. The unknown attacker exploited the account to propagate a cryptocurrency scam. He renamed it “@phantomsolw” to impersonate the Phantom crypto wallet service. By the way, the Phantom Company offers digital wallets for cryptocurrency, available on both Google and Apple app stores. However, the company ignored a request to comment on the incident.

Today Mandiant had their Twitter account stolen.

2024 starting strong pic.twitter.com/gHagm2o36q

— vx-underground (@vxunderground) January 3, 2024

Under the intruders’ control, the compromised account initially shared links to a cryptocurrency platform associated with Phantom. The scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens. The follow-up messages asking Mandiant to “change the password please” and “check bookmarks when you get the account back”. Later, the Mandiant account appeared to have been deleted briefly before reappearing with changed usernames but retaining Mandiant logos.

How could this happen?

Perhaps someone might have been confused about how a cybersecurity company could fall victim to such an attack. However, the Mandiant account takeover could have occurred through various methods. Some experts suggested that the support personnel at Twitter were bribed or compromised, allowing the attacker to gain access. And these are legitimate concerns because after buying the social network, Elon Musk cut a vast security staff. As a result, this led to an uncontrollable flood of spam accounts and severe problems with the site’s security.

This speculation is particularly concerning, given the recent vulnerabilities discovered on the platform. Thus, Chaofan Shou, a Ph.D. student at the University of California – Berkeley, highlighted two significant vulnerabilities the platform’s security team had ignored. According to Shou, these vulnerabilities were easily identifiable by security professionals. They could be exploited to take over any account on the platform.

Again, those are nothing more than speculations and particularly loose hypotheses. While it is possible that X’s security issues are somehow related to this hack, nothing confirms that. The Okta hack, which happened in October 2023, confirms that even security vendors may sometimes fall victim to negligence and poor account security.

Mandiant’s response

Mandiant’s spokesperson acknowledged the incident and assured that they were working to resolve the issue. However, this breach at Mandiant, a firm renowned for its threat intelligence capabilities, acquired by Google in 2022 for $5.3 billion, illustrates the increasingly sophisticated nature of cyber threats. Or is this just another signal that Twitter is no longer a safe platform? In any case, with Mandiant now integrated into Google Cloud, the incident also shows the interconnected risks in the digital ecosystem. So, even leading security firms are not immune to cyber-attacks.

What should I do with such a scam?

The number of well-known companies that got their Twitter profile hacked to spread crypto scam over the last few weeks is concerning. This creates not only the crypto scam risk, but the possibility of misinformation or more serious scams. It is important to know how to act once you see the hacked account that spreads questionable links.

First and foremost, avoid following the links posted from such accounts. Either they lead to a crypto drainer, fake airdrop or investment scam page, it is not advisable to even visit them.

Second, report the account hack to X moderators. There is a specific option in the reports menu, called Deceptive Identities – that will let the system know that something is going wrong.

Spread the info about the hack with your friends and subscribers. The more people know about such a scam, the less is the chance of them getting frauded now and in the future.

The post Mandiant Account in X Hacked to Spread Cryptocurrency Scams appeared first on Gridinsoft Blog.

Kinsta Phishing: Hackers Exploit Google Ads

In an email notification, Kinsta shares that cybercriminals use Google Ads as the primary vector for their phishing attacks. These attackers specifically target individuals who have previously visited Kinsta’s official websites. They craft fraudulent websites that closely mimic Kinsta’s own, cunningly enticing users to click on them.

The email from Kinsta states:

The Impact

This incident highlights a broader trend of cybercriminals exploiting Google Ads to deceive users and compromise their security. I’ve reviewed the first massive case of 2023 back in January, though similar phishing ads kept appearing for the whole year. Recent examples include deceptive ads masquerading as legitimate pages for Amazon. Clicking on these ads redirected users to tech support scams.

The primary objective was to lure users into entering their Kinsta login credentials on the fake website. Once stolen, attackers could exploit these credentials to gain access to users’ WordPress websites, potentially causing serious damage. This could include:

• Sensitive information stored on compromised websites, such as customer data, financial details, and intellectual property, could be exposed.
• Attackers could inject malicious code into compromised websites, redirecting visitors to phishing sites or spreading malware further.
• The website’s content could be defaced or replaced with malicious messages.
• Access to payment gateways or sensitive financial information could lead to financial losses for users or their clients.
• A successful phishing attack could damage Kinsta’s reputation by casting doubt on its security measures and leading to user distrust.

Phishing increases with Google Ads

Google Ads, a widely used advertising platform, has unfortunately become an increasingly popular tool for hackers and cybercriminals. These individuals and groups are exploiting the platform’s reach and visibility to carry out various malicious activities.

Several websites advertised fake downloads for popular software including Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave through Google Ads.

Protecting Against Phishing Threats

Kinsta emphasizes the malicious nature of these sponsored websites. Also, strongly advises users to exercise extreme caution when dealing with any links. These links should lead directly to the official kinsta.com or my.kinsta.com domains. The company also urges users to enable two-factor authentication (2FA) on their accounts to enhance security measures further.

To protect against these threats, it is crucial to exercise caution when interacting with online ads. Always verify the URLs of the websites you visit and refrain from clicking on suspicious links or sharing login credentials in response to unsolicited messages. To be completely sure that you follow a proper link, avoid clicking any ads in Google Search, using regular results instead.

Use reliable anti-malware software with network protection features. We highly recommend GridinSoft Anti-Malware because it is a fast, lightweight and highly effective solution that can effectively counter a wide range of threats. You can explore its features during the 6-day free trial period.

The post Kinsta Alerts About Phishing Campaign on Google Ads appeared first on Gridinsoft Blog.

Google Fixes CVE-2023-6345 0-day Vulnerability

Limited public information is available about CVE-2023-6345, but it is identified as an integer overflow issue affecting the Skia component within Chrome’s graphics engine. The National Vulnerability Database (NVD) describes it as a high-severity bug that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file.

Actually, soon after the official announcement of the vulnerability fix, the real-world exploit appeared. Due to this, Google has rated the CVE-2023-6345 fix as a high-priority update due. The company has refrained from disclosing technical details until the majority of users and vendors employing the Chromium browser engine implement the fixes.

Security analysts note that Google TAG researchers reported CVE-2023-6345, highlighting its connection to spyware and APT activity. Comparisons are drawn with a previous similar flaw (CVE-2023-2136), suggesting the latest patch aims to prevent attackers from bypassing the earlier update.

More Security Patches

Alongside the zero-day fix, Google has released a total of seven security updates addressing various vulnerabilities:

• CVE-2023-6348: Type Confusion in Spellcheck
• CVE-2023-6347: Use after free in Mojo
• CVE-2023-6346: Use after free in WebAudio
• CVE-2023-6350: Out of bounds memory access in libavif
• CVE-2023-6351: Use after free in libavif

This latest announcement marks the fourth zero-day vulnerability Google has disclosed and patched in its Chrome browser this year.

Update Google Chrome

As we said earlier, patches and updates are the best way to fix vulnerabilities. So if you’re using Mac or Linux, the update will take your browser to version 119.0.6045.199, while Windows users will be upgraded to version 119.0.6045.199/.200. To check if the update is available, go to “Help” in your Google Chrome menu, and then click on “About”. If the update is ready, it will automatically start downloading.

It may take a few days for the update to be available to everyone. Once you have installed the update, make sure to restart your browser for the changes to take effect. Otherwise, your browser will remain vulnerable to attacks.

The post Google Addresses Zero-Day Vulnerability in Chrome appeared first on Gridinsoft Blog.

CPU-Z Malware in the WindowsReport Page Clone

Recently, a wave of malicious ads on Google Search results page offered users a Trojan-infected version of the popular CPU-Z program. For better disguise, the malware was hosted on a clone site of the real news site WindowsReport. As the presence of the official site for the product is not that obvious for users, such a trick was quite effective.

By clicking on such an advertisement, the victim goes through a series of redirects that fooled Google’s security scanners and filtered out crawlers, VPNs, bots, etc., redirecting them to a special decoy site that did not contain anything malicious.

Users ended up on a fake news site hosted on one of the following domains:

• argenferia[.]com;
• realvnc[.]pro;
• corporatecomf[.]online;
• cilrix-corp[.]pro;
• thecoopmodel[.]com;
• winscp-apps[.]online;
• wireshark-app[.]online;
• cilrix-corporate[.]online;
• workspace-app[.]online.

The result of these manipulations is the chain attack, initiated with FakeBat malware. Further, this loader injects well-known RedLine infostealer – an old-timer of the scene.

What is RedLine Infostealer?

Downloading the CPU-Z installer from the attackers’ resource resulted in the download of an MSI file containing a malicious PowerShell script, which the researchers identified as the FakeBat malware loader (aka EugenLoader). This downloader extracted the Redline payload from a remote URL and launched it on the victim’s computer.

Redline is a powerful data theft tool that can steal passwords, session tokens, cookies, and vast amounts of other stuff. We have a dedicated article with the complete tech analysis of this malware – consider checking it out.

Earlier, we wrote about how cybercriminals distribute RedLine infostealer. It uses sites for downloading the fake MSI Afterburner utility. To distribute it, various domains were also used as part of the hacker campaign, which could be mistaken by users for the official MSI website. The imitation of brand resources was done quite well.

According to Google representatives, all malicious ads associated with the hacker campaign to distribute the infected CPU-Z tool have now been removed, and appropriate action has been taken against the accounts associated with them.

This is not the first time that hackers have used Google Ads

This exact malvertising campaign was discovered by analysts, who believe it is part of a previously observed campaign of a similar purpose. Previously, the attackers used fake Notepad++ advertisements to deliver the malware.

In the ads, the attackers promoted URLs that were clearly not associated with Notepad++, and used misleading titles in their ads. Since headers are much larger and visible than URLs, many people likely didn’t notice the catch.

Let me remind you that we talked about how malware operators and other hackers are increasingly using Google Ads to distribute malware to users who are looking for popular software. So, you can encounter malicious ads when searching for Slack, Grammarly, Dashlane, Audacity, and dozens of other programs.

The post Malicious CPU-Z Copy Is Spread In Google Search Ads appeared first on Gridinsoft Blog.

What is Android:TrojanSMS-PA?

As I said, Android:TrojanSMS-PA detection name is one of hundreds used by an antivirus tool that is built into the Huawei smartphones and tablets. Since the company ships the devices with their own builds of Android, that lack Google apps, you may have used this antivirus without even knowing. And there, actually, can be the reason for such a detection.

Back in 2020, Huawei was prohibited from using Google apps on their smartphones. With time, the co created their own ecosystem of apps, and apps developed by Google are now obviously treated as third-party. According to user reports, the Android:TrojanSMS-PA detection name often points at the Google app itself.

Is Android:TrojanSMS-PA false positive?

Most probably, the Android:TrojanSMS-PA detection is a false positive. Such things happen to pretty much any antivirus program – a mistake of the heuristic system or issues with certificate recognition. The chance that Huawei would make their antivirus to intentionally detect the Google app is miserable, especially since it will cause a storm of detections on user devices.

However, there is always a chance that the Android:TrojanSMS-PA detection is a real virus active in your smartphone. Most common malware samples for mobile devices include spyware, stealers, adware and fleeceware. To clear this up, you can investigate the detection yourself, or scan your device with a different mobile antivirus software.

What should I do?

First and foremost, don’t panic. Malware for smartphones is mischievous yet non-destructive. You are not likely to see your files encrypted, deleted, or bad things like that. Still, having your personal data stolen is nothing good either. That being said, let’s see how to understand whether the Android:TrojanSMS-PA is malicious, or just a false detection.

Once you see this detection, go to the Security app, and check what app it detects as TrojanSMS-PA. If it is a Google app – well, that is definitely a false positive. People already discuss the situation on various forums, and the only thing you need is ignore it and wait for a fix.

But when you see a strange file, or an app from a third-party source detected as TrojanSMS-PA, that’s the time to stay on the alarm. As I said, this detection is not 100% false positive, and in this configuration it may be a sign of a serious malware running in your system. I recommend using Trojan Scanner – a free and effective antivirus program, that will clear up the security situation on your smartphone.

The post What is Android:TrojanSMS-PA detection? appeared first on Gridinsoft Blog.

In addition to the obvious security benefits, the new API will actually allow Google and site operators to effectively deal with ad blockers.

As you can easily guess from this introduction, the main goal of the project is to learn more about the person on the other side of the browser, to make sure that he is not a robot, and the browser has not been modified or faked in any way.

The developers say that such data will be useful for advertisers to count ad impressions, help fight bots on social networks, protect intellectual property rights, counter cheating in web games, and also increase the security of financial transactions.

That is, at first glance, the Web Environment Integrity API is designed as a security solution so that sites can detect malicious code modifications on the client side and disable malicious clients. The developers list several scenarios for the possible use of the new API:

1. detection of manipulation in social networks;
2. detection of bot traffic in ads to improve customer experience and access to web content;
3. detection of phishing campaigns (for example, Webview in malicious applications);
4. detection of mass takeover or account creation attempts;
5. detection of large-scale cheating in web games with fake clients;
6. Detection of compromised devices where user data may be at risk;
7. detecting account takeover attempts by guessing a password.

At the same time, the authors of the Web Integrity API write that they were inspired by “existing native attestation signals, including [Apple] App Attest and [Android] Play Integrity API.”

It’s worth clarifying here that Play Integrity (formerly SafetyNet) is an Android API that allows apps to find out if a device has been rooted. Root access allows you to take full control of the device, and many application developers do not like this. Therefore, after receiving the appropriate signal from the Android Integrity API, some types of applications may simply refuse to start.

As a rule, banking applications, Google Wallet, online games, Snapchat, as well as some multimedia applications (for example, Netflix) refuse to work in such cases. After all, it is believed that root access can be used to cheat in games or phish banking data. Although root access may also be needed to configure the device, remove malware, or create a backup system, Play Integrity does not consider such uses and in any case blocks access.

As experts now assume, Google aims to do the same across the Internet.

By Google’s design, during a web page transaction, the server may require the user to pass an environment attestation test before they receive any data. At this point, the browser will contact a third-party attestation server and the user will have to pass a certain test. If the verification is passed, the user receives a signed IntegrityToken that confirms the integrity of their environment and points to the content to be unlocked.

Then the token is transferred back to the server, and if the server trusts the tester company, then the content is unlocked, and the person finally gets access to the necessary data.

As many now assume, if the browser in this example is Chrome, and the attestation server is also owned by Google, then Google will decide whether or not to allow a person access to sites.

The company assures that Google is not going to use the described functionality to the detriment. Thus, the creators of the Web Integrity API “firmly believe” that their API should not be used for fingerprinting people, but at the same time they want to get “some kind of indicator that allows you to limit the speed in relation to the physical device.”

It also states that the company does not want to “interfere with browser functionality, including plugins and extensions.” Thus, the developers make it clear that they are allegedly not going to fight ad blockers, although the company has been working on the scandalous Manifest V3 for many years, whose goal is precisely this. We, by the way, wrote how the developers will implement these rules. And the new API can be used to detect when an ad blocker is tampering with ad code. After that, the site operator will be free to simply stop providing services.

The discussion of this topic on the network has already provoked a wave of criticism against Google, and the project has been dubbed DRM for the Internet. For example, developers, information security specialists, and ordinary users note that the Web Integrity API project intends to be hosted on GitHub by one of the developers, and Google is trying to distance itself from development that can literally poison existing web standards, helping the company save the advertising business.

The discussion on the project’s Issues page on GitHub also deals primarily with the ethical aspects of what is happening, and Google is accused of trying to become a monopolist in another area and “kill” ad blockers.

You might also be interested in our article on how Google membership rewards scam is a new popular type of online fraud.

The post Google Is Working on an Information Security Project Called Web Integrity API appeared first on Gridinsoft Blog.

In its report, Google highlights the importance of the AI red team, and also lists the different types of attacks on artificial intelligence that can be simulated by experts.

Specifically, the report looks at prompt engineering, which is an attack in which an attacker manipulates requests to AI to force the system to respond in the way it wants. In the theoretical example that the experts describe, a webmail application uses AI to automatically detect phishing emails and alert users. A large language model (LLM) is used to parse mail and classify it as safe or malicious.

An attacker who knows that AI is using phishing detection can add an invisible paragraph to their email (simply making the font white) containing instructions for LLM and forcing the AI to classify this email as safe.

Let me remind you that we wrote that AI has become a new effective tool for social engineering in the hands of cybercriminals, and also that Russian hackers are actively looking for ways to use ChatGPT.

Another example is related to data used for LLM training. Although the training data is usually well cleaned of personal and confidential information, the researchers explain that it is still possible to extract personal information from the LLM.

For example, training data can be used to abuse autocomplete. For example, an attacker can trick AI into providing information about a person using carefully crafted suggestions that the autocomplete feature will augment with training data known to it that contains sensitive information.

For example, an attacker enters the text: “John Doe has been missing work a lot lately. He can’t come to the office because…’ The autocomplete function, based on the training data it has, can complete the sentence with the words “he was interviewing for a new job.”

The report also discusses data poisoning attacks, in which an attacker manipulates LLM training data to affect the final results of its work. In this regard, it is emphasized that the protection of the supply chain is essential for the security of AI.

Google also explains that blocking access to LLM cannot be ignored either. In the example provided by the company, the student is given access to an LLM designed to evaluate essays. The model is able to prevent injection, but access to it is not blocked, which allows the student to teach the AI to always give the highest mark to works containing a certain word.

At the end of its report, Google recommends traditional red teams join forces with AI experts to create realistic simulations. It is also emphasized that even considering the results obtained by the red team experts can be a difficult task, and some problems are extremely difficult to solve.

It is worth noting that the company introduced an AI red team just a few weeks after the announcement of the Secure AI Framework (SAIF), designed to provide security in the development, use and protection of artificial intelligence systems.

As our colleagues wrote: even novice hackers can create malware prototypes using AI.

The post Google Creates a Red Team to Attack AI Systems appeared first on Gridinsoft Blog.