Tech Friday with Dave Hatter - July 31st 2020 - SPONSORED BY INTRUST IT

  • MIT deepfake video of President Nixon announcing NASA Apollo 11 disaster is disturbing:
    • Advances in computer power and machine learning have led to technology that is making it hard to believe your own eyes and ears
    • New algorithms can take a single photo of someone and create a video that is completely fabricated but very, very realistic
    • Pinscreen is a Los Angeles start-up that has created the technology; they believe these renderings will become so realistic that it will be virtually impossible to determine what is real
    • Thao Li, a leading researcher on computer-generated video at USC, founded Pinscreen in 2015. "With further deep-learning advancements, especially on mobile devices, we'll be able to produce completely photoreal avatars in real time"
    • FakeApp is one of several new AI-powered synthesizing tools that don't require specialized hardware or skilled experts to create convincing fake videos
    • Software such as FakeApp can be used for fraud, forgery, and propaganda. FakeApp has been downloaded more than 100,000 times and has been used to create many fake pornographic videos featuring celebrities and politicians
    • FakeApp is relatively easy to use: a user "trains" it with hundreds of photos of source and target faces. It relies on deep-learning algorithms to find patterns and similarities between the two faces
    • While the process isn't trivial, you don't have to be a graphics or machine-learning expert to use FakeApp, and it will run on relatively low-end systems
    • "Ten years ago, if you wanted to fake something, you could, but you had to go to a VFX studio or people who could do computer graphics and possibly spend millions of dollars," says Dr. Tom Haines, lecturer in machine learning at University of Bath. "However, you couldn't keep it a secret, because you'd have to involve many people in the process"
    • There are many possible applications for this technology and many of them are malicious. Imagine the capability to use fake videos for blackmail, revenge or propaganda
    • This technology could have a devastating impact on the use of audio and video evidence in court cases. "This goes far beyond 'fake news' because you are dealing with a medium, video, that we traditionally put a tremendous amount of weight on and trust in," said David Ryan Polgar, a writer and self-described tech ethicist
    • There are concerns about the possible impact of deepfakes on the upcoming election
    • TheFakening is a YouTube channel dedicated to deepfakes: https://www.youtube.com/channel/UC5D-8hVVwLB0DNrcSBqoVxg
    • MIT recently released a deepfake video as part of a project known as "In Event of Moon Disaster" to demonstrate the disturbing power of these videos
    • The video mixes actual NASA footage with Nixon delivering the news that NASA failed and astronauts died on the moon
    • It took MIT AI experts 6 months to create the very convincing 7-minute video
    • You can watch the video here: https://www.youtube.com/watch?v=LWLadJFI8Pk&feature=youtu.be
    • There is work on technology to identify deepfakes
    • Hany Farid, a digital forensics expert at Dartmouth College, said watching for blood flow in the face can sometimes determine whether footage is real. He also said slight imperfections at the pixel level may reveal fakes
    • Learn more about the MIT project here: https://moondisaster.org/about/
  • A sophisticated new Netflix credential phishing scam:
    • A recent wave of phishing attacks has been targeting Netflix users
    • The goal appears to be to steal payment card data and user credentials
    • The hacker sends an email using a "failed payment" motif to hook users
    • The spoofed emails are from netfiix@csupport.co and ultimately direct a user to a spoofed login page
    • Unfortunately, some security tools fail to identify the page as a threat because it has a functional CAPTCHA, which also adds legitimacy
    • These phishing attacks are not complex but are bypassing some email security solutions
    • After entering credentials another page loads asking for billing information
    • If the user enters all the information they will receive a "success" message at which point they have been had
    • Always carefully review the URL of any site before you enter sensitive information
    • Look for https:// and/or the lock in the browser, but that is no guarantee a site is legitimate
    • Remember that it's easy for a hacker to spoof a legitimate website
    • If you get an email or text that claims a payment failed, or anything like that, go to the site on your own, don't click the link
    • The URL has been taken down, but you can bet there will be more
  • Are your devices infected with Stalkerware:
    • "Spyware" is a form of malware that allows someone to capture detailed information from your device
    • "Stalkerware is monitoring software or spyware that is used for stalking. The term was coined when people started to widely use commercial spyware to spy on their spouses or intimate partners" - Wikipedia
    • These apps have come under scrutiny for allowing detailed covert surveillance
    • Most of these apps are designed for parents to monitor kids' activities, but they can be and often are repurposed to spy on significant others
    • ClevGuard, the manufacturer of KidsGuard, claims it can "access all the information" on a device including real-time location, text messages, browser history, access to its photos, videos and app activities, and phone calls
    • ClevGuard says it can be used for multiple purposes, including "catch a cheating spouse or monitor employees"
    • A misconfigured ClevGuard server allowed detailed information collected from victims' devices to be leaked on the web
    • This security mishap provided insight into how incredibly intrusive a stalkerware app can be
    • Once installed from the ClevGuard site, it runs in "stealth" mode, hiding as "system update"
    • Additionally, it has no icon, so it's hard for a victim to know it's installed
    • Testing showed that the app constantly exfiltrates data from the victim’s phone
    • It captures who the victim is communicating with on other apps such as WhatsApp, Instagram and Facebook Messenger. It can take screenshots of a victim’s conversations
    • ClevGuard shut down the exposed cloud bucket once notified
    • Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, said "This is evidence that not only are spouseware and stalkerware companies morally bankrupt, they are also often failing to protect their stolen user data once they have it"
    • This is the latest example of spyware companies that have shoddy security practices that leak sensitive data
    • Others include mSpy, Mobistealth and Flexispy. The Federal Trade Commission launched legal action against Retina-X, which had two data breaches involving sensitive victim data
    • ClevGuard claims it has an iOS version that asks for iCloud credentials to access iCloud backups. That violates Apple policies
    • It's difficult to install stalkerware on an iPhone; iOS generally doesn't let apps get deep enough into the OS to secretly monitor you
    • If your iPhone is jailbroken (unlocked so that any app can be installed), that may not be the case
    • If you have a jailbroken iPhone, a full factory reset should fix it. Back up first
    • Installing stalkerware on Android devices is somewhat easier, but someone will still need access to your phone
    • Google will remove apps from the Play Store that exhibit stalkerware-like behavior when caught
    • A compromised phone might get hot or the battery may drain quickly while you're not using it. Generally, any unusual phone behavior could be telling
    • A PC could also have stalkerware and most newer anti-virus software will root it out
    • Check your online accounts for unusual activity too
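
The sender check suggested by the Netflix phishing item above, as an added example that is not part of the original show notes: it flags a From header whose display name or address contains a brand name, or a one-character near-miss of it, while the sending domain is not the brand's own. The brand-to-domain table, the display names and the non-phishing sample headers are constructed assumptions; only netfiix@csupport.co comes from the notes.

```python
import re
from email.utils import parseaddr

# Assumption: domains each brand really sends mail from (illustrative, not an official list).
BRAND_DOMAINS = {"netflix": {"netflix.com"}}

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tokens(text):
    """Lower-case alphanumeric words in a display name, local part or domain."""
    return [t for t in re.split(r"[^a-z0-9]+", text.lower()) if t]

def check_sender(from_header):
    """Return (token, brand, reason) findings for one From header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            continue  # mail really comes from the brand's own domain
        for tok in tokens(display) + tokens(local) + tokens(domain):
            dist = edit_distance(tok, brand)
            if dist == 0:
                findings.append((tok, brand, "brand name on unrelated domain"))
            elif dist == 1:
                findings.append((tok, brand, "one-character lookalike"))
    return findings

if __name__ == "__main__":
    # Constructed sample headers; the first uses the address quoted in the notes.
    samples = [
        "Netflix <netfiix@csupport.co>",
        "Netflix <info@mailer.netflix.com>",
        "Alice <alice@example.org>",
    ]
    for header in samples:
        print(header, "->", check_sender(header))
```

A From header can itself be forged, so a check like this complements SPF, DKIM and DMARC results rather than replacing them.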

55KRC · THE Talk Station in Cincinnati
