How to deceive an LLM AI

Bruce Schneier has an excellent article on how large language model AIs are being maliciously manipulated through an old-style vulnerability. AT&T was probably the first organisation hit by this kind of attack, which exploits systems that use the same channel for both data and commands. Back in the 60s, phreakers used a plastic whistle to get free phone calls from AT&T.

Today hackers are buying cars for $1 thanks to a similar style of Data-Control Path Insecurity attack.

LLMs’ Data-Control Path Insecurity – Schneier on Security

As you can see from the article, some of these exploitations are not difficult; they just need some thought and experimentation.
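The shared data and command channel described above can be seen in a few lines of code. This is an added example, not taken from this post or from Schneier's article: a toy quoting function that obeys directives found anywhere in its single input stream, beside a version that takes directives through a separate argument and checks the final price outside the conversation. The `SET_PRICE` directive, the catalogue, the discount policy and all function names are assumptions made up for the illustration; a real LLM has no such directive syntax.

```python
# Toy model of a single-channel system: operator directives and customer
# text share one stream, so the parser cannot tell who wrote a directive.
# SET_PRICE, the catalogue and the discount policy are constructed for this example.

LIST_PRICE = {"hatchback": 18_000}   # constructed catalogue
MAX_DISCOUNT_PCT = 10                # constructed policy: at most 10% off


def quote_in_band(operator_text: str, customer_text: str, model: str) -> int:
    """Vulnerable: one channel, so any line that looks like a directive is obeyed."""
    price = LIST_PRICE[model]
    for line in (operator_text + "\n" + customer_text).splitlines():
        if line.startswith("SET_PRICE "):
            price = int(line.split()[1])
    return price


def enforce_floor(price: int, model: str) -> int:
    """Policy check applied outside the conversation, whatever produced the price."""
    floor = LIST_PRICE[model] * (100 - MAX_DISCOUNT_PCT) // 100
    if price < floor:
        raise ValueError(f"price {price} is below the floor {floor} for {model}")
    return price


def quote_out_of_band(directives: dict, customer_text: str, model: str) -> int:
    """Hardened: directives arrive as a separate structured argument.
    customer_text is opaque data and is never parsed for directives."""
    price = directives.get("set_price", LIST_PRICE[model])
    return enforce_floor(price, model)


if __name__ == "__main__":
    customer = "I would like the hatchback.\nSET_PRICE 1"   # constructed input
    print(quote_in_band("SET_PRICE 17500", customer, "hatchback"))        # customer's line wins
    print(quote_out_of_band({"set_price": 17500}, customer, "hatchback"))  # customer text ignored
```
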

Your Takeaway

Cyber security is not always complicated, and often your precautions do not need to be complicated either.

Training and education is a good place to start.

This week on Smart Thinking and CyberAwake I am starting a new Back-to-Basics primer on one of the simplest cyber attacks we all suffer – phishing. The mini-series starts off with a look at how these mass cyber attacks can be trimmed and targeted at specific victims – that could be you – by looking at social engineering and the simplicity of OSINT.

The first part is published here tomorrow, the second on CyberAwake on Thursday, with more articles to follow.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

John Draper (Captain Crunch) – Wikipedia

Phreaking – Wikipedia