Buzzwords of the Day 11-08-2023

*Special Note from the Author - This week's issue was written entirely in Vim!

#This Week's Buzzwords:

declare -a Buzzword = { "AI/LLM", "Exploits", "Ransomeware" }

$Buzzword{0}= "AI/LLM" - There Are Four Lights!

One of the major across-the-board risks of LLMs is the alarming rate at which these models "hallucinate", or as more accurately described by Luke Lafreniere (CEO of Floatplane & co-host of The WAN Show), present answers that are "confidently wrong". A handful of ex-Googlers have been working on a start-up called Vectara, offering analysis services of broad-use LLMs like ChatGPT, Google Bard, Microsoft BingChat, and others, to provide actionable data on how reliable these models' responses are.

Per Vectara's research, popular LLMs were found providing "confidently wrong" information between 3% - 27% of queries, with ChatGPT being incorrect least often, and Google project called Palm clocked in with the highest rate of “wrong-ness” at 27%. Based on the data provided in the NY Times breakdown of the dataset, average rates of "confidently incorrect" data are between 5% (excluding the outlier Palm) and 10% (including the outlier figure). Ultimately, this means any response provided by LLMs in their current state (at time of publishing) have a 1/20 chance of providing data that is incorrect, falsified, and likely misleading. Players of tabletop games calling for a 20-sided dice would be quick to warn that 1 in 20 are not as great odds as they may seem.

Source Context: *(subscription-walled)

https://www.nytimes.com/2023/11/06/technology/chatbots-hallucination-rates.html

~~~

$Buzzword{1}= "Exploits" - Weaponizing the iPhone Collective

This week, BleepingComputer reported on what might be one of the most innovative proof-of-concept exploits of the year: a means of hijacking Apple's "Find My" network (a passive service running on every Apple device with a network connection). Security researchers published their proof-of-concept package to GitHub, named "Send My", allowing users to send arbitrary information (like keylogger data) over the network via Bluetooth, accessible by their dedicated receiver device over the WAN.

Why is this so concerning? To start, the "Find My" service runs as a background task on any and every Apple device with an active network connection, meaning that every single iPhone, iPad, Mac, or even iPods (for the dozen global users still running a dedicated mp3 player), and cannot be disabled. There is a near-global infrastructure to support this attack vector so long as Apple can continue selling devices. Additionally, Bluetooth packets are not often monitored as closely as other network traffic, since device-to-device Bluetooth transmissions exist outside of established network montoring (never passing through any infrastructure that may forward log data to a SIEM).

As for where these exploits may be utilized, BleepingComputer reports that the company warned opposition leaders in India that they detected what may have been state-sponsored "digital espionage". Several members of India's parliament as well as individuals running for office have publicly disclosed notifications they received from Apple indicating potential security incidents involving their iPhones. As news broke, several journalists in the region came forward confirming similar Apple-official warnings received on their devices. Apple neither confirmed nor denied the origins of the attacks that warranted these notifications, and representatives of the government have attempted to downplay the warnings (despite prior accusations of deploying spyware such as Pegasus against their opponents in the past and reports by Financial Times earlier this year of the government actively shopping for spyware).

Source Context:

https://www.bleepingcomputer.com/news/apple/apple-find-my-network-can-be-abused-to-steal-keylogged-passwords/ (Breakdown of the "Send My" Exploit)

https://techcrunch.com/2023/10/30/indian-opposition-leaders-says-apple-has-warned-them-of-state-sponsored-iphone-attacks/ (Apple Warns Indian Political Candidates of Spyware)

~~~

$Buzzword{2}= "Ransomeware" - Duck Season? Wabbit Season? Malware Season!

Is Autumn turning into Malware Season? Recent reports indicate that ransomware activity is on the rise following a slight lull during the early-mid summer. BleepingComputer reports on research into malicious activity, breaking down more than a half-dozen updates regarding major malware threats, spanning from existing groups like "The Hive" likely rebranding themselves under a new name, to broad openings in Apache ActiveMQ (an opening allowing malware like HelloKitty to execute malicious shell code), or a new Linux-focused exploit called Bibi Linux (named after Israel's current & controversial Prime Minsiter - upon installation to the target system, deletes designated folders, or the entire / directory). As the end of the year draws closer, security reviews should be a priority for any user whose system contains sensitive data.

Source Context:

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/