Following news that Microsoft is putting AI and Machine Learning tools into the latest versions of Windows 10, Etienne Greeff, CTO and Co-founder at SecureData commented below.
Etienne believes that in the rush to adopt the latest technology the myriad potential security problems with this technology will be overlooked by the consumer. Worse yet, they may not even be told of the.
Etienne Greeff, CTO and Co-founder at SecureData:
“Microsoft is shouting from the hilltops that its latest version of Windows 10 will democratise AI, allowing people to use AI and Machine Learning to finish workflows and do tasks on their desktops. However, there are serious security implications that many consumers may not be aware of.
“These AI and ML features would be a fantastic tool for an attacker that has crafted an exploit that relies on machine learning to succeed. Unfortunately, this is yet another example of features finding their way onto desktops where they can be used for good and bad.
“An example would be to learn the behaviour of a user, such as which files they access on a regular basis together with the topics referenced in the files. For example, if an attacker is after financial or personal data they can use this type of modelling to highlight files of interest. This information can then be used to pilfer those files given they are the most popular/valuable. Another example is the possibility to learn how people construct their e-mails and text documents and then use this to impersonate them. If we were to go deeper, attackers could use neural nets and monitor desktop microphones, learning to speak like the user to again impersonate them and cause all kinds of damage. The list is endless and quite frankly frightening – Microsoft would do well to warn consumers who want to take advantage of these new features of the potential risks, prioritising this over lauding and promoting the latest tech offering to come off their production line.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.