AbuseGPT: Abuse of Generative AI ChatBots to Create Smishing Campaigns
Authors:
Ashfak Md Shibli,
Mir Mehedi A. Pritom,
Maanak Gupta
Abstract:
SMS phishing, also known as "smishing", is a growing threat that tricks users into disclosing private information or clicking into URLs with malicious content through fraudulent mobile text messages. In recent past, we have also observed a rapid advancement of conversational generative AI chatbot services (e.g., OpenAI's ChatGPT, Google's BARD), which are powered by pre-trained large language mode…
▽ More
SMS phishing, also known as "smishing", is a growing threat that tricks users into disclosing private information or clicking into URLs with malicious content through fraudulent mobile text messages. In recent past, we have also observed a rapid advancement of conversational generative AI chatbot services (e.g., OpenAI's ChatGPT, Google's BARD), which are powered by pre-trained large language models (LLMs). These AI chatbots certainly have a lot of utilities but it is not systematically understood how they can play a role in creating threats and attacks. In this paper, we propose AbuseGPT method to show how the existing generative AI-based chatbot services can be exploited by attackers in real world to create smishing texts and eventually lead to craftier smishing campaigns. To the best of our knowledge, there is no pre-existing work that evidently shows the impacts of these generative text-based models on creating SMS phishing. Thus, we believe this study is the first of its kind to shed light on this emerging cybersecurity threat. We have found strong empirical evidences to show that attackers can exploit ethical standards in the existing generative AI-based chatbot services by crafting prompt injection attacks to create newer smishing campaigns. We also discuss some future research directions and guidelines to protect the abuse of generative AI-based services and safeguard users from smishing attacks.
△ Less
Submitted 15 February, 2024;
originally announced February 2024.
Survey on Security Attacks in Connected and Autonomous Vehicular Systems
Authors:
S M Mostaq Hossain,
Shampa Banik,
Trapa Banik,
Ashfak Md Shibli
Abstract:
Connected and autonomous vehicles, also known as CAVs, are a general trend in the evolution of the automotive industry that can be utilized to make transportation safer, improve the number of mobility options available, user costs will go down and new jobs will be created. However, as our society grows more automated and networked, criminal actors will have additional opportunities to conduct a va…
▽ More
Connected and autonomous vehicles, also known as CAVs, are a general trend in the evolution of the automotive industry that can be utilized to make transportation safer, improve the number of mobility options available, user costs will go down and new jobs will be created. However, as our society grows more automated and networked, criminal actors will have additional opportunities to conduct a variety of attacks, putting CAV security in danger. By providing a brief review of the state of cyber security in the CAVs environment, this study aims to draw attention to the issues and concerns associated with security. The first thing it does is categorize the multiple cybersecurity threats and weaknesses in the context of CAVs into three groups: attacks on the vehicles network, attacks on the Internet at large, and other attacks. This is done in accordance with the various communication networks and targets under attack. Next, it considers the possibility of cyber attacks to be an additional form of threat posed by the environment of CAVs. After that, it details the most uptodate defense tactics for securing CAVs and analyzes how effective they are. In addition, it draws some conclusions about the various cyber security and safety requirements of CAVs that are now available, which is beneficial for the use of CAVs in the real world. At the end, we discussed some implications on Adversary Attacks on Autonomous Vehicles. In conclusion, a number of difficulties and unsolved issues for future research are analyzed and explored.
△ Less
Submitted 14 October, 2023;
originally announced October 2023.