Connect with us

Each country must decide for itself how to apply AI technologies

Published

on

There is a need to stimulate debate and collect citizen feedback to ensure that AI laws are responsive to the needs of the public.

Each country must decide for itself what it considers to be an acceptable use of artificial intelligence (AI) technologies and what is not. In particular, each country must decide for itself whether to use facial recognition systems in public places. Guidelines in this area should be discussed to balance market opportunities and ensure the ethical use of AI.

Above all, governments must stimulate public debate and collect citizen feedback to ensure that AI legislation meets the needs of the public. The head of the AI ​​working group of the association of mobile operators GSMA-Europe Eva Martinkenaite told ZDNet about this.

GSMA-Europe is committed to drafting AI legislation in Europe, transforming ethical guidelines into regulations. In the working group, Martinkenaite represents the position of the Norwegian government on the proposed draft laws. She is also the head of the AI ​​analytics department at Telenor, Norway’s largest telecommunications company.

Theoretical concepts for the ethical use and management of AI may look good on paper, but you also need to make sure they can be applied in practice. This is why constant dialogue and feedback from the population, as well as continuous improvements, are so necessary to keep the legislation up to date.

In promoting the use of AI in various fields, governments should strive to find a balance between exploiting market opportunities and ensuring the ethical use of technology. In particular, Martinkenaite mentioned the controversy in the European Union over the use of AI face recognition systems in public places. Some believe that such systems should be completely banned, while others suggest using them only in exceptional cases, for example, to prevent and combat crime.

According to Martinkenaite, the opinion of citizens should be taken into account in such matters, since there can be no single correct solution. Each country must come to a solution that suits it best.

“This is a dialogue that should be conducted in every country,” the expert noted.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Olympus was attacked by ransomware for the second time in two months

Published

on

The company was attacked by Macaw ransomware developed by Evil Corp.

Japanese tech giant Olympus fell victim to ransomware for the second time in two months. This time, the attack was carried out by the cybercriminal group Evil Corp, against which the US government has imposed sanctions.

The attack on Olympus using a new variant of malware called Macaw began on October 10, 2021. The malware encrypted company systems in the United States, Canada and South America.

Macaw is a variant of WastedLocker ransomware, and both are developed by the cybercriminal group Evil Corp.

This is the second ransomware attack on Olympus in the past two months. The first incident took place in September, when the company’s networks in Europe, the Middle East and Africa were encrypted with BlackMatter ransomware (BlackMatter and Evil Corp. are not related).

“Olympus was attacked by BlackMatter last month and a week or so by the Macaw,” Allan Liska, an analyst at information security firm Recorded Future, told TechCrunch.

According to Liska, the ransomware Macaw left a ransom note on the compromised computers with a data theft statement.

According to the official press release Olympus, the company is investigating “possible data breaches” – a known technique of the so-called “double extortion” in which ransomware steals data from their victims and threatens to publish it if the ransom is not paid.

The company does not provide details about the incident, citing an ongoing investigation.

Continue Reading

Security

Scientists have learned to track gadgets using BLE signals

Published

on

Devices can be tracked by prints of their physical characteristics.

In the past few years, mobile devices have become more likely to use the Bluetooth Low Energy (BLE) protocol to transfer messages, which can pose a significant privacy risk, experts at UC San Diego warn.

Within the framework of research they examined the implementation of BLE in a number of popular models of smartphones, laptops and gadgets and found that devices can be traced back to their physical characteristics. The bottom line is that devices can have a unique fingerprint that can be used to determine where they were and when.

BLE messaging has become more common in phones, laptops, smartwatches and other gadgets due to the support of operating devices for functions such as Apple Continuity or Find My, which imply the use of the BLE standard.

Typically, applications using this protocol try to hide identifiable data by encrypting the device’s MAC address, but this does not help to hide the built-in hardware characteristics of the device, based on which it can be identified.

Experts have tested their theory on several devices, including the iPhone 10, Thinkpad X1 Carbon (Windows), MacBook Pro 2016 (macOS), Apple Watch 4 (watchOS), Google Pixel 5 (Android), and Bose QuietComfort 35. In most cases, they were able to get a fingerprint of the physical BLE chip and distinguish one device from another.

In the course of the study, the scientists faced some difficulties, for example, it turned out to be more difficult to distinguish devices operating on the same chipset model than to distinguish gadgets based on different chips. The device’s ability to identify was also influenced by its temperature and signal transmission power.

Using special equipment, the researchers intercepted BLE signals from 162 devices in public places and were able to identify 40% of them. In addition, the group recorded BLE signals from bystanders’ devices with COVID-19 tracking apps from Apple and Google for two days for 10 hours. Scientists managed to “uniquely identify” 47.1% of 647 MAC addresses.

In theory, the method can be used to track the Apple AirTag and Samsung SmartTag Plus Bluetooth trackers, the researchers noted.

Continue Reading

Security

Vulnerability in WinRAR allows code to run without the user’s knowledge

Published

on

To carry out an attack, you need to create a malicious Wi-Fi access point, hack a router, and spoof DNS.

Positive Technologies Igor Sak-Sakovsky discovered a dangerous vulnerability in the WinRAR file archiver. An issue identified as CVE-2021-35052 exists in the WinRAR web notifier, which is used to display trial period expiration messages. The vulnerability affects WinRAR versions prior to 6.02 beta 1.

To display a message about the expiration of the trial period, the web component redirects to HHPS: //notifier.win-rar.com/. The vulnerability allows a remote unauthorized person to intercept requests sent to them and thereby carry out a man-in-the-middle (MITM) attack, create a backdoor, and even remotely execute code.

As explained by the researcher, the vulnerability exists due to the use of the incorrectly configured webbrowser module by the web notifier component.

According to Sak-Sakovsky, in order to carry out an MITM attack through this vulnerability, an attacker needs to create a malicious Wi-Fi access point, hack a router and spoof DNS, or be on the same network with the victim.

An attacker can use an SMB server to execute code remotely, but there are restrictions on the black list of executable file extensions. So, when you run files with the bat, vbs, exe and msi extensions, a message about the malicious file will appear, suggesting possible actions with them. However, since WinRAR does not have an automatic update mechanism, and vulnerable versions are common, attackers can bypass the restrictions and hide the launch using old exploits for WinRAR or Microsoft Office.

Continue Reading

Most Popular