DIGITAL LIFE
Gmail Security—Viral AI Hack Poses Critical Question For 2.5 Billion Users
Ten days ago, I wrote an article warning Gmail users about a newly uncovered security threat powered by AI that was convincing enough to almost fool a professional security consultant. That story captured the imagination of more than two million readers as it quickly went viral. In its wake, a question remains: does AI make Gmail a safer email service or a more dangerous one? As is often the case, the answer is complicated and nuanced, but it’s important nonetheless, so let’s try and clarify it.
The AI-Powered Hack Behind The Viral Gmail Security Story
As I reported at the time, in what would become a viral news story about Gmail security, it all started when a professional security consultant, Sam Mitrovic, posted an innocent enough reply to a message on X saying that he’d come close to getting fooled by a “super realistic AI scam call” designed to hack his Gmail account. I’d recommend reading the original article for the full details of what happened, but here’s the TL;DR version. A notification requesting a Google account recovery approval is received, followed by a missed phone call. Seven days later another such notification and call were made, but this time the telephone was answered. What followed was a convincing conversation from what appeared to be a genuine Google number and real support technician. Long story short, it was neither: it was an AI-powered voice on the other end of the call and one that nearly fooled Mitrovic.
Ultimately, then, this was a phishing attack. Phishing is nothing new. AI deepfakes are nothing new. However, the combination of the two to target Gmail users in such a convincing way is fast becoming the new normal. “The main reason social engineering is so effective is that it keeps evolving,” Anna Collard, a cybersecurity evangelist at KnowBe4, said. “The rise of deepfakes, convincingly real images and videos artificially generated, has further exacerbated the potential for misinformation and manipulation.”
AI: Gmail Security Friend Or Foe?
According to the newly published Cybersecurity Survey Report 2024: Navigating the New Frontier of Cyber Challenges from Kaseya (https://www.idagent.com/resources/kaseya-cybersecurity-survey-report-2024/), hackers are leveraging advances in AI technology to “launch more sophisticated cyberattacks at a faster pace than ever before.” That much, I think, we can all agree upon. Where things start to get a bit more nuanced is when we look at how AI can help on the defensive side of the cybersecurity fence. “More than half of survey participants say they believe AI will help them be more secure,” Chris Mckie, vice president of product marketing at Kaseya, said, adding that “more research and clarity around the benefits and limitations of AI as a cybersecurity tool is needed.”
Google is certainly not sitting on its laurels as far as defensive AI evolution is concerned. Users of paid Google Workspace accounts will, if not already, be getting access to a new security advisor tool. This brings a security sandbox to the Gmail party for secure scanning of malicious software hiding in attachments, and enhanced safe browsing for further protection by scanning incoming messages for malicious content before it’s delivered. All Gmail users are also protected by a large language model defensive AI program which is already producing spectacular results in keeping security threats at bay. Google describes it as driving “one of the most dramatic security improvements in Gmail’s 20-year history.” It works by training itself on the most malicious of email messages so as to be able to spot abuse patterns and deploy protections against them as quickly as possible. Google has described this as being like having 1,000 more cyber-defenders reviewing email to keep users safe.
Available from Oct. 15, the AI Gemini app has got enterprise-grade security protections in core services, for Workspace Business, Enterprise, or Frontline plans. Google said that “with all of the core Workspace security and privacy controls in place, companies have the tools to deploy AI securely, privately and responsibly in their organizations in the specific way that they want it.”
Is Gmail Secure Enough In The Face Of AI Threats?
In my humble opinion, I’d say that Gmail is as secure as most email services, depending on how you define the security metric. Proton Mail will win out when it comes to end-to-end encryption for your highly confidential email needs, but that’s an edge case for the vast majority of Gmail’s 2.5 billion users. Because of being such a tech behemoth, Google has plenty of resources to throw at securing Gmail accounts and, of course, is doing just that, including with the help of AI technologies. However, staying safe is a two-way street, and you can only pass so much responsibility onto Google’s shoulders; you also have to accept that some of the responsibility for your security comes from your own actions. This means being aware of the ever-evolving phishing threats facing you. Did I say go and read that viral story already and take steps to ensure your Google account is as secure as possible?
Google makes this as easy as it can with the likes of the Advanced Protection Program (https://landing.google.com/advancedprotection/), designed for users such as journalists, activists and politicians who may be thought of as high-risk account holders, but recommended for everyone nowadays. There is no costly downside now that Google has done away with the requirement to purchase two expensive hardware security keys and enabled the use of a Google passkey instead. “If anyone tries to recover your account,” a Google spokesperson said, “Advanced Protection takes extra steps to verify your identity.” This means that it can take a few days to verify that you are who you say and get access to your Google account back. But it means that hackers can’t just scam their way into it either.
Davey Winder