GUEST ESSAY: The growing need to defend against superhackers, master thieves and digital ghosts

by Arthur · November 21, 2022

Imagine what could happen if malicious hackers began to intensively exploit artificial intelligence (AI) to systematically discover and exploit software vulnerabilities?

Related: Cyber espionage is on the rise

Cyber attacks would become much more dangerous and much more difficult to detect. Currently, human hackers often discover security holes by accident; AI can make their hacking tools faster and the success of their tactics and techniques much more systematic.

Our current cybersecurity tools are not prepared to handle AI-infused hacking, should targeted network attacks evolve in this way. AI can help attackers make their attack code even more stealthy than it is today.

Attackers, for obvious reasons, usually seek system access control. A fundamental way they achieve access control is by stealing crypto keys. Hackers can increasingly leverage AI to make their attack code even more undetectable on computers – and this will advance their capacity to achieve deep, permanent access control of critical systems.

If AI-infused hacking catches on, breaches will happen increasingly quickly and automatically; The attack code will be designed to adapt to any version of an OS, CPU or computing device. And this would be a major game-changer – tilting the advantage to the adversaries who are in command of such an AI hacking tool.

Wittkotter

This scenario is closer than we might think or expect. Consider the approach to AI taken by software firm DeepMind; their system turns technical problems into rules of play – and can deliver extraordinary results even if their developers are not experts in the underlying problems.

We assume we are ok or safe if responsible people are in the loop ie turning things off or pushing a button. But every button/switch is associated with software; and advances such as those made by DeepMind can be used for malicious purposes, such as continuously making unauthorized changes at the access control level.

Cybersecurity needs to be better prepared to defend against super-hackers, master crypto-key thieves, and digital ghosts running in this direction. Here are three basic practices that I believe must be incorporated:

Never mix security code and regular code. We must make any change or manipulation of anything security-related detectable. Security operations should be separate from the main operating system and CPU. This independence makes attacks on security easier to detect.

Hash codes must be registered. Hash codes are unique values associated with software that can be associated with the manufacturer. Registration – and hence whitelisting of hash codes – will reduce and ultimately eliminate unauthorized code from circulating.

Protect crypto keys. Crypto keys processed in main CPUs, as well as the public keys in PKI, should always be referenced via their registered hash codes; and they should never be stored in clear text. In short, crypto keys must be extremely well guarded and handled on separate, independent security systems.

I would argue that these practices make good, common sense; they are practices that make code changes updatable and deployable so that device owners remain in control. Unauthorized access control must become almost impossible.

To get there, cyber security needs to become much more proactive and include more basic preventative elements. When we create overkill in our security measures, in a way that goes unnoticed by ordinary users, we will achieve effective countermeasures against global cyber threats

About the essayist: Erland Wittkotter is an inventor and technology architect. He is the founder of No-Go-* — a grassroots developer community focused on the promise of making our digital lives much safer.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog written by bacohido. Read the original post at: