3 minute read
Create malware without a single line of code
from ETNdigi 1/2023
by ETN
The 5th annual ECF event moved to a new venue Dipoli on the Aalto university campus. Embedded Conference Finland has established its position as the leading embedded event in the country.
Cyber attacks are becoming too easy thanks to artificial intelligence. And very dangerous. A phishing attack can already be created using artificial intelligence without the developer having to write a single line of code, said Check Point's information security expert Jarno Ahlström in his keynote speech at the Embedded Conference Finland event.
Artificial intelligence in itself is an old idea, but recent developments have brought the topic to the public and into the hands of more and more people. Now we want to move towards AGI technology (artificial general intelligence). It would be a machine that could answer and solve any problem, draw a picture, compose a song or make a presentation independently, Ahlström said.
- When OpenAI's ChatGPT 4 came out in March, some already asked if we have reached the AGI level. I think not. The datasets are a year and a half old, so it doesn't know anything after that. Nor can it train itself any further.
San Francisco-based OPenAI has other tools. DALL-E generates images from text very efficiently. Codex knows how to complete software code because it's trained on 54 million Github code repositories. However, ChatGPT, introduced in November 2022, was the one that blew the bank. And all this happened in just two years.
ChatGPT can be used for good, but unfortunately also for harmful purposes. Ahlström demonstrated how ChatGPT can be asked to compose a phishing email that appears to come from a fictitious
Really? A transistor made of wood?
Researchers at Linköping University and the KTH Royal Institute of Technology have developed the world’s first transistor made of wood. Their study, published in the journal PNAS, paves the way for further development of wood-based electronics and control of electronic plants.
- We’ve come up with an unprecedented principle. Yes, the wood transistor is slow and bulky, but it does work, and has huge development potential, says Isak Engquist, senior associate professor at the Laboratory for Organic Electronics at Linköping University.Person holding a small wooden construction infront of face.
The researchers used this to build the wood transistor and could show that it is able to regulate electric current and provide continuous function at a selected output level.
In previous trials, transistors made of wood have been able to regulate ion transport only. The transistor developed by the Linköping researchers, however, can function continuously and regulate electricity flow without deteriorating.
The researchers used balsa wood to create their transistor, as the technology involved requires a grainless wood that is evenly structured throughout. They removed the lignin, leaving only long cellulose fibres with channels where the lignin had been.
These channels were then filled with a conductive plastic, or polymer, called PEDOT:PSS, resulting in an electrically conductive wood material. See more here -> etn.fi/14901 web hosting service. The generated email can be in any language. ChatGPT can be asked to replace the feedback link with another one that loads additional information from the included excel file.
- Next, we use Codex to create the desired excel file. The task is to prepare a working VBA code in an excel file, which downloads the program to be executed from the desired address and runs it. The code must be included in Excel so that it is run as soon as the excel file is opened.
In this way, a phishing attack can be created using artificial intelligence without writing a single line of code. In addition to that, artificial intelligence can be asked to create various scripts that can be used, for example, to scan the machine for vulnerabilities. ChatGPT can then be asked to create an exe file from previously developed scripts.
- Without a single line of code, I have managed to create a malware using ChatGPT and Codex.
But what should an embedde designer do, if an unexpected shortage of critical components threatens to delay the project? David Gustavik, the designer of the cycle, highlighted ways to solve the problems in his keynote.
Even if the company has a good relationship with the component supplier, it does not necessarily guarantee availability if there are problems in the market.- The problems of the automotive industry during the laste years should prove that even the largest semiconductor suppliers cannot solve all problems, Gustafik said.
One of the most important means is documentation.- Proper documentation is a designer's best friend. A circuit diagram alone is not enough because it does not necessarily convey the reasoning that led to each component selection.
According to Gustafik, the designer should always document what a certain part or component does, why a particular component was chosen for the project and how it relates to the rest of the design.- One way is to prepare the libraries so that the alternative component is always included either in the circuit diagram or in the bill of materials (BOM).
Gustafik gave an example of a design for which a "perfect" single-chip LDO solution was chosen. It did everything it promised in the demos. Then when they started to buy the component from the market, it was nowhere to be found. One special circuit had to be replaced with several generic chips.
- The price was roughly the same. The PCB area grew slightly and the power consumption was slightly higher. But now, instead of being stuck with one supplier, I can for example choose from hundreds of different op-amps without having to change the circuit board.
All the ECF23 presentations are here: www.embeddedconference.fi
