DeepLocker – the new Artificial Intelligence powered malware

August 10, 2018
By Giedrius Majauskas

For the past few decades, artificial intelligence (AI) has been taking over more and more tasks, not only in science and the cyber world but in our everyday lives as well. Logistics, medical diagnostics, statistics, the economy, and mathematics are now unimaginable without this machine intelligence, which at times also serves as a form of entertainment as we watch computers try to match the natural human mind, e.g. Deep Blue, the chess-playing computer, the question-answering computer Watson, or the latest AI robot, Sophia. Furthermore, AI has taken an important role in helping to protect companies and users from malware attacks, recognizing potential viruses in much smarter ways than any antivirus and stopping them better than real humans.

However, only a couple of days ago, IBM, the technology research company, presented a whole different invention powered by artificial intelligence, allowing the world to see that the smart and helpful technology may soon be weaponized and used for malicious purposes, something everyone has feared since the beginning of the AI era. There is much speculation about whether robots and machines will completely replace or destroy humans, biting the hand of the creators that feed them. While before this was just a hypothetical discussion, IBM's discovery is the first sign of AI turning against humans.

So what is that discovery? This week IBM presented DeepLocker, malware which is based on AI. That shook the cybersecurity world because so far AI was used only by scientists for a good cause, to stop malware and not to make it more powerful.

DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reaches a specific victim.
It achieves this by using a Deep Neural Network (DNN) AI model to hide its attack payload in benign carrier applications, while the payload will be unlocked if, and only if, the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.

The AI features allow DeepLocker to target a specific person based on geolocation, system data, visual face identification, and voice recognition. The elaborate processes and independent thinking of this malware make it impossible to catch or notice even by the best security tools, because the malicious payload is executed once the intended victim is detected.

Potentially, the DeepLocker virus can be distributed as part of an online video conference application, which works as usual for any other user until it finally recognizes the programmed target and launches the attack. The visual appearance or voice of the victim can easily be taken from social media accounts such as Facebook, Twitter, Instagram, etc., which are full of publicly accessible photos, just like the Social Mapper application, which tracks people across social networking sites using facial recognition.

For the proof of concept, IBM's researchers demonstrated DeepLocker's abilities by hiding the notorious WannaCry ransomware in a video conference program, passing all the antivirus protections and malware sandboxes and showing no signs of infection until the targeted victim, whose face matched the pictures from social media, triggered the ransomware attack.

Researchers shared this rather concerning discovery to raise awareness of what may be waiting for the cyber world in the future, and that this can potentially become one of the most dangerous attacks because it simply is inconceivable. If you want to learn more about DeepLocker, make sure to check the Black Hat 2018 page for more info.