Last week, my son arrived home from school with his science homework.
A vocab test on electricity and circuits.
Unfortunately, he is not the kind of person who can brute-force information into his memory just by reading it.
Nor is he willing to repeatedly write out definitions by hand, which is something I had to do at his age.
So we needed a different approach...
We decided that the best approach would be to print out each definition.
He would add a Pokemon sticker—relevant to the definition—and place them around the house in places he regularly stopped.
A combination of Pokemon character and location in the house should help him remember each definition.
It is an approach that has worked well in the past.
However, there was an issue...
As is typical, the vocab list came via Teams - as a PDF on an iPad.
But how do we get the vocab list off the iPad?
The device was restricted.
No printing...
No screen share...
Seemingly, there was no way to get the information without typing the whole thing out.
Then I had an idea.
I took a photo of the device.
Uploaded it to the ChatGPT app and said - “Please transcribe the picture”.
Seven seconds later, the text had been processed, and I pasted it into a new document to work on.
I found this incredible as a “life hack”, and it will be helpful in the future.
However, as a cybersecurity specialist, I was more concerned.
Shoulder surfing - people looking over your shoulder - has always been an area of concern.
The situations in which people are most commonly aware of the threat are withdrawing cash from an ATM or entering a PIN at a payment terminal.
However, a much more common and overlooked problem affects people who travel for work.
Travelling by train or plane, it is tempting to use the time productively and “get some work done”.
Rarely do people consider who is sitting beside them or just behind their shoulders.
...the people who can read everything on my screen.
On YouTube, a genre of OSINT videos demonstrates this threat.
I recently saw a challenge to identify the book the person in the seat in front was reading, based on the reflection in the train window.
The creator of the challenge published a video on how to solve it.
Adjusting the image contrast...
Identifying words...
Constructing sentence fragments...
It is not hard to see how the ChatGPT “life hack” can be abused to become an AI-powered attack.
So, how do we solve this problem?
Crucially, the first step is to understand that working while travelling comes with risk.
Any work completed on the move can never be considered private or confidential.
However, preventing staff from working on the move is often impossible.
For some staff, it is an essential part of their role.
The solution is to reduce the risk, which can be achieved in three ways.
Firstly, adopt a policy stating that sensitive or private information cannot be used outside of an office or private location.
There is a time and place for completing sensitive work, and travelling is not it.
However, staff are free to work on general and non-sensitive administrative tasks.
Secondly, use a privacy screen to reduce the viewing angle of your device.
This will reduce the opportunity for shoulder surfing and reading documents over your shoulder.
Finally, if possible, sit with your back to a wall with a non-reflective surface.
If there is no one behind you, there are fewer opportunities to snoop.