One of the persistent memes that interest me is the impending event sometimes known as “the singularity.” This is a probable future where our electronic devices become self-aware and fully autonomous. We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen to us, observe our behaviors, preferences, and choices, and link back to an online controller that collects, parses, and analyzes the information.
All of this technical advancement relies on something called “machine learning.” It turns out that machine learning is harder than it might seem, and like human learning, is only as good as the information that is provided to the learner. In other words – garbage in – garbage out.
A series of recent posts on the Naked Security blog delve into this subject. See the links below to read more.
In information security, machine learning is being used to create the next level of security devices and services that can detect new malicious exploits by combining machine learning with behavioral analysis and code analysis. The issue that most concerns me is how hackable some machine learning systems are at this point. A recent IoT disaster in waiting can be found in an article about an Internet connected car wash that was hacked at a recent Black Hat conference. This makes machine learning enabled devices an interesting new attack vector for cyber-criminals, cyber-warriors, governments, and law enforcement agencies that want to snoop on your activities and data mine all the information that is going online.
So as we enthusiastically adopt these shiny new technologies, we may want to start thinking about how this information we so happily share could be used against us by people, and machines, that may not have our best interests in mind. And just think of what could happen when SkyNet wakes up…
More information:
- Wikipedia article on the technological singularity
- Sophos Naked Security – Garbage In Garbage Out
- Sophos Naked Security – Where Are the Holes in Machine Learning?
- Sophos Naked Security – Better Machine Based Malware Detection
- NPR – Story about Steve the Suicidal Security Robot
- YouTube Using Machine Learning to Remove Terrorist Content.
- Soccer Playing Robots
AUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com