On mobile devices, the risk of a cyber attack through infected apps, fake AI websites, fake proxy servers and phishing is high.
Generative artificial intelligence (AI) tools such as ChatGPT and Google Bard are becoming increasingly popular around the world. They enable their users to increase efficiency and productivity in their daily work. However, these diverse application possibilities are both a blessing and a curse, as they can also be misused by hackers for cyber attacks. Shortly after their introduction, generative AI tools were quickly used to create malware. Many of them appeared in the official app stores. In addition, generative AI has been abused to create fraudulent emails and messages as well as AI-powered phishing campaigns and deepfakes on YouTube.
AI creates phishing emails and malware
Unfortunately, the providers of generative AI bots do not have these problems under control. In a recent report, the Check Point Research team found that Bard (Google's generative AI tool) imposes almost no restrictions when creating phishing emails and that it can be used to develop keyloggers for malware with minimal manipulation .
For these reasons, some companies have already banned the use of AI tools on corporate devices or networks. Other companies that allow their employees access to generative AI tools have fallen victim to data leaks. Therefore, until appropriate measures are in place to protect sensitive data from leakage and internal information from theft, companies should be particularly careful in enforcing their security policies.
Many sources of danger for mobile devices
Mobile devices are no exception. In fact, mobile users are even more likely than desktop users to download a malicious application or fall victim to phishing attempts. The number of sources of danger is anything but small. Check Point lists some of the most important ones:
- Apps that imitate popular AI websites and resources (ChatGPT and Google Bard) to steal sensitive data.
- Apps that use web services and act as proxies to popular AI websites and resources, exploiting their middleman position to siphon information.
- App malware designed by generative AI engines to fool end users, whether consumers or businesses.
Mobile devices' smaller screens and large number of applications and notifications can mislead users and make them more likely to click on malicious links or download infected files. For many people, social networks are also the most used applications on mobile, meaning mobile users are more vulnerable to social engineering and phishing.
Since the boundaries between private and professional use of mobile devices are sometimes blurred, they can become a main entry point into companies, which is why protection against AI threats should be a top priority.
How to protect mobile devices from AI threats?
- IT attacks are now simply too advanced and complicated to be reliably detected by humans. Phishing sites have now become so advanced that they are identical to the original site. That's why advanced technologies are needed to protect endpoints and prevent threats from entering the company.
- Mobile devices are a gateway into the company. As AI develops rapidly, detection and remediation are not enough. A mobile security solution must include preventive features to stop the threat at the device level before it gains access to networks.
- AI’s generative learning capabilities are impressive. If people want to keep up, they must use AI to combat AI. Smart IT decision-makers therefore ensure that their security solution leverages both AI and machine learning technology to stay on top.
Anyone who wants to use the possibilities of AI must also be aware of and take precautions against its dangers. Companies and consumers alike would be well advised to learn about the practices of hackers who exploit AI. In addition, preventive mobile phone security solutions are essential in view of the now deceptively real phishing attempts in order to prevent people from being exposed to the risk of being deceived by them in the first place.
More at CheckPoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.
Matching articles on the topic