News

This is another attack that convinces the AI to ignore road signs:

Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture.

The result is the camera capturing an image full of lines that don’t quite match each other. The information is cropped and sent to the classifier, usually based on deep neural networks, for interpretation. Because it’s full of lines that don’t match, the classifier doesn’t recognize the image as a traffic sign.

So far, all of this has been demonstrated before.

Yet these researchers not only executed on the distortion of light, they did it repeatedly, elongating the length of the interference. This meant an unrecognizable image wasn’t just a single anomaly among many accurate images, but rather a constant unrecognizable image the classifier couldn’t assess, and a serious security concern.

[…]

The researchers developed two versions of a stable attack. The first was GhostStripe1, which is not targeted and does not require access to the vehicle, we’re told. It employs a vehicle tracker to monitor the victim’s real-time location and dynamically adjust the LED flickering accordingly.

GhostStripe2 is targeted and does require access to the vehicle, which could perhaps be covertly done by a hacker while the vehicle is undergoing maintenance. It involves placing a transducer on the power wire of the camera to detect framing moments and refine timing control.

Research paper.

Experts at the RSA Conference urged cyber professionals to lead the way in securing AI systems today and pave the way for AI to solve huge societal challenges

Experts at the RSA Conference discussed what CISOs can do to protect themselves against legal pressure

Sysdig said the attackers gained access to these credentials from a vulnerable version of Laravel

Afghanistan, Turkmenistan and Tajikistan victims experienced the highest share of banking Trojans

Researchers discover large-scale Russian influence operation using GenAI to influence voters

Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar

Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software

CISA launched a new software vulnerability enrichment program to fill the gap left by NIST’s National Vulnerability Database backlog

Researchers from Carnegie Mellon University have shared an overview of their new AI Security Incident Response Team (AISIRT)