Information Security Sharing Group Hong Kong

This group was originally named "CISSP Hong Kong Study Group"; starting from Mar 7, 2016, it is renamed "Information Security Sharing Group Hong Kong".

To motivate interest in information security, we will also post security news or information on this page. (All commercial ads will be deleted immediately, and the user will be blocked from posting any message and reported to Facebook as well.) Commercial advertisement is strictly prohibited on the page and will be deleted immediately.

22/02/2025

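This one is full of drama worth grabbing the popcorn for. Is it an "Infernal Affairs" style inside job, or are the hackers just that good?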

01/02/2025

https://www.securitymagazine.com/articles/101343-vulnerability-discovered-in-subarus-connected-vehicle-service

Research from Shubham Shah and Sam Curry reveals Subaru’s STARLINK connected vehicle service contains a vulnerability that permits unrestricted, targeted access to all user accounts and vehicles in the United States, Canada, and Japan.

By exploiting this vulnerability, a malicious actor could obtain sensitive data and control if they also had the victim’s surname and ZIP code, phone number, email address, or license plate. With the listed information, a malicious actor could:

- Retrieve the location of a vehicle
- Remotely lock, unlock, start or stop a vehicle
- Obtain a vehicle’s location history from the past year
- Retrieve miscellaneous data (such as odometer reading, previous owners, call history, sales history, and more)

“Researchers Shubham Shah and Sam Curry identified hardcoded credentials within JavaScript files and then allowed them to replace employee email addresses, reset passwords without confirmation tokens, and bypass 2FA by modifying the UI, thus giving them access to the admin panel. Once inside the admin panel they essentially gained ‘God Mode’ access, enabling them to search for any STARLINK-connected vehicle.

Subaru’s STARLINK connected vehicle service contains a vulnerability that permits access to user accounts and vehicles.

29/01/2025

https://unwire.hk/2025/01/26/oppo-fineasy-app/fun-tech/

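System updates released by manufacturers are usually worth installing, but a recent system update pushed by Oppo and Realme in Thailand turned out to include a loan app that holds extensive permissions and cannot be removed. It caused major controversy locally, which has only recently begun to subside.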

10/12/2024

https://www.facebook.com/share/18hU5QfkM5/?mibextid=WC7FNe

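📣 DEVCORE CONFERENCE returns: ticket sales are open 🔥

The offense-oriented security technology conference, DEVCORE CONFERENCE, takes place on 2025/03/15 (Sat)!

We firmly believe that solid technical skill is the foundation of both offense and defense, and that the best defensive strategy starts from the hacker's perspective: understanding how attackers think and getting ahead of new attack techniques.
Join us in focusing on the technical core and exploring the different applications of cybersecurity across fields, including but not limited to …, #OpenSourceSatellite and … competitions, plus insights from more than 100 #RedTeamExercise engagements over the years. Whether you are red team or blue team, you are sure to take something away!

-
【About DEVCORE CONFERENCE 2025】
Time: 2025/03/15 (Sat)
Venue: Room 201, TICC Taipei International Convention Center (No. 1, Sec. 5, Xinyi Rd., Xinyi Dist., Taipei City)
Now on sale:
✨ Early-bird ticket $5,500 - limited-time sale
✨ Student ticket $2,000 - limited to 50
✨ Partner-exclusive tickets, with discounts depending on the number of tickets in the group purchase - if you are a government agency or an ICT/security reseller and need to purchase 3 or more tickets, please contact [email protected]

-
To buy tickets, go to the KKTIX event page
👉 https://devcore.kktix.cc/events/devcoreconf2025

For more up-to-date and complete agenda information, see the official DEVCORE CONFERENCE website
👉 https://conf.devco.re/2025/

#SecurityConference
#RedTeamExercise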

04/11/2024

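A data leak occurred at 唯聽香港聽覺及言語中心 and 聽健言語及聽覺中心 (two hearing and speech centres), affecting nearly 150,000 people, most of them patients, along with several dozen current and former employees; the leaked data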

22/10/2024

Gmail Security—Viral AI Hack Poses Critical Question For 2.5 Billion Users (forbes.com)

https://www.forbes.com/sites/daveywinder/2024/10/21/gmail-security-viral-ai-hack-poses-critical-question-for-25-billion-users/

Ten days ago, I wrote an article warning Gmail users about a newly uncovered security threat powered by AI that was convincing enough almost to fool a professional security consultant. That story captured the imagination of more than two million readers as it quickly went viral. In its wake, a question remains: does AI make Gmail a safer email service or a more dangerous one? As is often the case, the answer is complicated and nuanced, but it’s important nonetheless, so let’s try and clarify it.

As I reported at the time, in what would become a viral news story about Gmail security, it all started when a professional security consultant, Sam Mitrovic, posted an innocent enough reply to a message on X saying that he’d come close to getting fooled by a “super realistic AI scam call” designed to hack his Gmail account. I’d recommend reading the original article for the full details of what happened, but here’s the TL;DR version. A notification requesting a Google account recovery approval is received, followed by a missed phone call. Seven days later another such notification and call were made, but the telephone was answered this time. What followed was a convincing conversation with what appeared to be a genuine Google number and a real support technician. Long story short, it was neither: it was an AI-powered voice on the other end of the call and one that nearly fooled Mitrovic.

Ultimately, then, this was a phishing attack. Phishing is nothing new. AI deepfakes are nothing new. However, combining the two to target Gmail users in such a convincing way is fast becoming the new normal. “The main reason social engineering is so effective is that it keeps evolving,” Anna Collard, a cybersecurity evangelist at KnowBe4, said. “The rise of deepfakes, convincingly real images and videos artificially generated, has further exacerbated the potential for misinformation and manipulation.”

According to the newly published Cybersecurity Survey Report 2024: Navigating the New Frontier of Cyber Challenges from Kaseya, hackers are leveraging advances in AI technology to “launch more sophisticated cyberattacks at a faster pace than ever before.” That much, I think, we can all agree upon. Where things start to get a bit more nuanced is when we look at how AI can help on the defensive side of the cybersecurity fence. “More than half of survey participants say they believe AI will help them be more secure,” Chris Mckie, vice president of product marketing at Kaseya, said, adding that “more research and clarity around the benefits and limitations of AI as a cybersecurity tool is needed.”

As a new Gmail security warning goes viral, all users should ask whether AI is an email threat or a safety shield.

Address

Mong Kong
Kung Tong
00000
