Cloud-AI: Artificially Intelligent System Found 10 Security Bugs in LinkedIn

Cloud computing concept
2017 is the year of Artificial Intelligence (A.I.), Big Data, Virtual Reality (VR) and Cyber Security with major companies like Google, Facebook, Apple, IBM and Salesforce and technology pioneers like SpaceX founder Elon Musk investing in these hot technologies.

Since everyone seems to be talking about the hottest trend — artificial intelligence and machine learning — broadly, 62 percent of large enterprises will be using AI technologies by 2018, says a report from Narrative Science.

But why AI is considered to be the next big technology? Because it can enhance and change everything about the way we think, interact, manufacture and deliver.

Last year, we saw a significant number of high-profile hacks targeting big organizations, governments, small enterprises, and individuals — What’s more worrisome?

It’s going to get worse, and we need help.

No doubt, we, the human, can find vulnerabilities but can not analyze millions of programs with billions of lines of codes at once.

But what if we have an autonomous system that finds and fixes vulnerabilities in computer systems before cyber criminals exploit them, without even any involvement of human?

Cloud-AI System That Interacts With Web Just Like Humans

An Indian startup named Cloudsek, Infosec Risk assessment company, is working in the same direction, which aims at providing intelligence machine learning-based solutions to help organizations identify and tackle online threats in real-time.

The company has developed Cloud-AI technology, an artificial Intelligence system based on a semi-supervised learning model that can navigate and interact with the Internet just like an intelligent human being.

Cloud-AI is designed to learn on its own with an ability to automatically gather information about input boxes, buttons, and navigation links with minimal false positives.

“This is because humans have generated a vast amount of data on how they have interacted with the web,” Rahul Sasi, Co-Founder and CTO of CloudSek said in its blog post published today.

“We use this data to train our models to achieve our tasks successfully. This method also helps us complete challenging tasks which otherwise is highly time-consuming for the many reinforcement Models.”

Cloud-AI technology powers two of the company’s product:

  • CloudMon – a system that monitors various Internet exposed infrastructures, including Cloud-based Applications and websites, for critical security issues.
  • x-Vigil – a system that monitors various Internet sources,underground/discussion forums, social media platforms, infiltrated data, along with uncovering a broad range of threats and providing real-time alerts without any manual intervention.

Besides this, the security researchers at Cloudsek are also working to up-skill its Cloud-AI technology with an ability to find new vulnerabilities much more quickly than people behind the keyboard.

Cloud-AI Finds Vulnerabilities Like Artificially Intelligent Hacker

Giving a successful demonstration of their Cloud-AI technology, the researchers discovered 10 “Insecure Direct Object Reference” vulnerabilities in the world’s largest online professional network LinkedIn.

An Insecure direct object reference flaw occurs when any application frequently uses the actual name or key of an object while generating web pages, but doesn’t always verify if the user is authorized for the target object.

The issues fixed in LinkedIn include:

  • Leak of any user’s Email ID on LinkedIn
  • Leak of users email and phone number and resume
  • Deleting every user’s LinkedIn request
  • Downloading every transcript to videos from Lynda
  • Downloading every Lynda exercise files without a premium membership

To detect such flaws, all an attacker needs to do is manipulate parameter values. But finding such an easily identifiable security flaw is impossible for an automated tool due to the difficulty in reaching the flawed endpoint, whereas manually doing the process is time-consuming.

“Cloud-AI system had to fill multiple forms and follow valid patterns to reach the vulnerable endpoints. These endpoints often get missed by existing automated tools as well as manual analysis,” CloudSek explains.

Artificial Intelligence is good at breaking CAPTCHA codes, but I’m wondering, and even believe that this system might soon gain the ability to beat Google’s latest reCAPTCHA system, which is also powered by a sophisticated artificial intelligence system to defend websites against bots.

How AI Technology Shaping the Future of CyberSecurity

Cyber security is among the biggest threats in today’s world, and it is a known fact that there are not enough skilled cyber security professionals to tackle growing Internet threats.

The Internet has already been struggling to defend against organized crime, state-sponsored hackers, surveillance and, of course, terrorism – but experts believe AI technology can aid us in protecting sensitive data and critical infrastructure from attackers.

Either its Cloud-AI from CloudSec or OpenAI, backed by Tesla and Space X CEO Elon Musk, every player in this domain wants to build a technology that would eventually create digital intelligence in the way to benefit humanity as a whole.

“In near future, Cloud-AI would be upgraded to assist users while ordering anything on the Internet, as well can perform complex tasks to save precious time.” Sasi told The Hacker News

Moreover, with the rise of the Internet of Things (IoT) devices, the cyber-security threats have grown exponentially, so extensive research into prevention and detection schemes of these technologies is strongly being considered globally.

Since AI is a fundamental part of the concept of the Internet of Things, where machines and devices communicate with each other to get the work done, it’s only AI and machine learning that will be incredibly useful to defend our network before anyone exploits them.

Last year, Security researchers at MIT also developed a new Artificial Intelligence-based cyber security platform, called ‘AI2,’ which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy.

Isn’t it revolutionary idea for Internet Security?

At the same time, we should not forget that smarter technologies do not come without risks.

While AI could provide organizations with a valuable weapon in their arsenal, the risk is that the technology would not fall into wrong hands.


Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.