A few years ago, I wrote an article titled "Why Universal Video Conferencing & Chat Protocols are Crucial for Future of Communication". In it, I explored the concept of Universal Unified Communication (UUC) and the need to break down the silos between different enterprise teams and communication platforms.

In a way we could even simplify the analogy or the acronym to Universal Communication (UC new acronym we could embrace) which would be basically a new acronym for communications technology that allows for Universal interoperability across different apps for both video conferencing and live chat, text, audio and long form text. Effectively it would render phone, text and email redundant if it was interoperable across all apps.

​Today in 2026, while we are seeing small steps forward, like the adoption of RCS messaging to bridge the gap between different phone operating systems, we are still stuck in "walled gardens." Major video conferencing and chat apps still refuse to talk to each other. If we are ever going to decommission old technology like email for something better, we need to look at how advanced communication is handled in our favorite science fiction shows and maybe learn some lessons to work on (hint, hint).

Downside of our Current “Walled Gardens” in Comms

Currently, each major platform uses its own unique protocol, making it incredibly difficult for users to connect and collaborate across different communication technology platforms. This provincial and protectionist attitude from major tech companies remains the biggest hurdle to advancing human communication and knowledge exchange.

​If we look at the current tech environment, the cracks in these walled gardens are causing massive headaches for businesses:

• ​The Forced Interoperability Mess: Governments are finally stepping in because the industry wouldn't fix itself. With the EU’s Digital Markets Act (DMA) taking full effect in 2025 and 2026, "gatekeepers" like Meta and Apple are being legally forced to make messaging apps interoperable. However, because these companies didn't collaborate on a proactive, universal protocol from the start, this forced integration is clunky, delayed, and plagued by security and privacy concerns regarding how encrypted data is handled between rival apps.

• The Video Conferencing Nightmare: We are in an era where businesses demand "Bring Your Own Meeting" (BYOM) flexibility, yet video conferencing remains a battlefield of unique, proprietary protocols. If for example a Zoom user wants to seamlessly interact with a Microsoft Teams, Facebook Messenger, or Google Meet or FaceTime or WebEx or any other video conferencing user, they hit a wall. Instead of innovating to make meetings hardware-agnostic, vendors waste resources competing for subscribers.

• ​Social Media "Attention Capitalism": Traditional social networks have operated as the ultimate walled gardens, designed to trap users and hoard data. However, the rapidly growing "Fediverse" (using the open ActivityPub protocol in 2026) is proving that an alternative works. Platforms like WordPress and Ghost are adopting it, allowing users on entirely different networks to communicate seamlessly. This proves that users want interoperability, but major corporate video and chat apps are lagging behind this open-web movement.

• ​Knowledge Silos & Data Loss: When information is trapped within these specific, closed apps, we create self-enclosed networks. If a platform shuts down, changes its pricing, or a user loses access, that knowledge is lost, much like the ancient Library of Alexandria burning down without a backup site.

​To truly advance, a global communication system (with text, audio and video) it must be universal and easily useable by anyone on the planet and beyond as we start to have permanent presence on Moon and beyond.

Benefits of a Universally Connectable World

​While recent regulatory pushes, like the EU’s Digital Markets Act forcing basic chat interoperability and Apple finally adopting RCS, are steps in the right direction, they are reactive patches. True Universal Unified Communication (UUC) or lets call it Universal Communication (New UC acronym) would proactively solve the app fatigue and disjointed workflows plaguing modern businesses.

​If companies came together to define and adopt open, universal video and chat protocols, the benefits for global productivity would be massive:

• ​Seamless Collaboration & Eliminating "App Fatigue": Right now, users are overwhelmed by the sheer number of communication channels they must monitor. How many chat and meeting apps do you have on your phone or your computer? Common now, tell me the truth…dozens isn't it? A universal protocol would allow a user to initiate a conversation via text chat on one platform (like WhatsApp) and instantly escalate it to a video conference with a user on a completely different platform (like Microsoft Teams). This removes the friction of forcing clients to download specific software or create new accounts just to communicate.

• ​True Cross-Platform Freedom: You could use your preferred tool to call a client who is using their preferred tool. Just as you can dial any phone number in the world regardless of whether the person uses Telstra or Optus or Vodafone or T Mobile or AT&T or whatever else. You should be able to launch a Google Meet call directly into a client’s Zoom or Webex instance for example. This preserves customer loyalty to their favorite interfaces while enabling total global reach and huge time saved in not needing to relearn new apps. People could focus on doing business and interacting with each other rather than spending long periods of time working out how to connect to each other.

• ​Reclaiming Productivity from "Context Switching": Modern hybrid work is heavily damaged by "context switching", the cognitive load required to constantly jump between Slack, Teams, email, and texts. Universal protocols would allow all messages and calls to funnel into the user's single preferred app when we are talking about productivity platforms as well, similar to communication apps and video conferencing apps. Not necessarily in business, but at least it would allow multiple companies to interact with each other a lot better if they didn't have to set up just to interact the other businesses app, for example, often someone creates a Slack project and then shares it with another business that they're servicing and this business has to create once off Slack account just to work with them once off. Why can't they just connect Slack with Microsoft Teams or something or Google workspace with Slack or things like that or all 3 connect to the same project to work with with the leader of the project setting the controls? This idea would allow teams to communicate faster and choose the most appropriate mode for each situation, drastically reducing communication errors and lost time. Imagine saved collaboration time and productivity between businesses for that!

• ​Standardized, Next-Generation Security: In an era of AI-generated deepfakes and sophisticated cyber threats, fragmented security is a liability. Currently, if one app has a vulnerability, its users are exposed. A unified protocol allows the industry to establish standardized, high-caliber security measures, such as universal end-to-end encryption (E2EE) and zero-trust verification, built directly into the foundation of the communication layer. This ensures that sensitive business data and personal privacy are universally protected, rather than relying on the varying security budgets of individual app developers.

So you can see the benefits of pursuing Universal communication in live chat and video conferencing space to bring it towards Universal interoperability is a really good direction that should be pursued by everyone just as they did with email, SMS and phone calls. Basically with email, SMS and phone calls. You can contact everyone on the planet pretty much. Imagine if you could do that with live chat and with video conferencing and not needing to change the vessel or the app that provides that service. Just as with email, SMS and phone. You use whatever app that is capable of doing it. What do you think? Is this possible from an engineering and programming standpoint? Especially now that there is vibe, coding and programming is becoming easier?

Universal Communication lessons from Sci-fi

When we look to science fiction to imagine the future of technology, one common thread unites almost every vision of an advanced civilization: seamless, frictionless communication.

Writers and creators instinctively understand that a truly advanced society would not tolerate fragmented, proprietary communication networks. Instead, they depict futures where humanity, and entirely alien species together, have overcome the petty hurdles of brand loyalty and walled gardens to build universal communication infrastructures. Here is what three iconic sci-fi franchises can teach us about the path we need to take today.

UC Lessons from Star Trek

​In Star Trek TV series and movies especially The Next Generation, we see a highly advanced, unified approach to communication, which has inspired many of my ideas on this topic. The Starfleet LCARS (Library Computer Access & Retrieval System) database and communication network likely utilized interplanetary, agreed-upon protocols. Whether Captain Picard was sending a text-based log, an audio transmission, or engaging in a live video conference with another ship, the system was universally interoperable.

​When the Enterprise hails a Romulan Warbird or a Klingon vessel, the call connects instantly to the main viewscreen. The crew doesn't have to worry about whether the Romulans are using a different video app, or if they need to download a specific plugin first; the underlying protocols just work. It demonstrates that as a society matures, standardizing the network becomes more important than protecting a specific software brand. We need to build the foundation for our own LCARS today, standardizing how our video and chat data is packaged and transmitted.

UC Lessons from Stargate

​In Stargate SG-1 TV series, highly advanced races like the Ancients, the Nox, and the Tollans didn't rely on fragmented, competing technologies. Their communication networks, and the Stargate network itself, were built on universal, instantaneous connections shared across vast alliances. The Stargate is the ultimate universal protocol: a standardized interface that allows completely different worlds, with completely different levels of local technology, to instantly connect and transfer matter and data.

​Furthermore, these advanced races utilized subspace communications that could interface with almost any device. The lesson here is that a truly advanced civilization prioritizes the frictionless sharing of knowledge and collaboration over corporate competition. They view communication as a fundamental infrastructure, much like physics itself, rather than a product to be locked inside a corporate ecosystem.

UC Lessons from Star Wars

​Star Wars showcases the HoloNet, a galaxy-wide communication grid that functions as a hyper-advanced, real-time internet. Whether someone was using a cheap handheld comlink on a desert planet, a highly secure encrypted console on a star cruiser, or a full-room holographic projector, they could send and receive real-time audio and video across the galaxy.

​The hardware didn't matter because the underlying network protocol was universal. A hologram recorded on a droid could be instantly projected by a completely different manufacturer's ship console. This is exactly what we need for modern video conferencing, a unified standard where the device and the brand do not restrict the connection. Users should be able to buy the hardware and interface they prefer, knowing it will seamlessly plug into the universal communication grid.

What Sci-Fi Teaches Us About Our Future

​The overarching lesson from all three of these science fiction universes is that communication silos are a symptom of a primitive or transitioning society. As civilizations advance, they inevitably realize that the true value of technology lies in its ability to connect everyone, everywhere, without friction. If we want to reach the collaborative heights depicted in these shows, whether that means coordinating global research on Earth or eventually communicating with permanent bases on the Moon and Mars, we must tear down our current walled gardens. Establishing universal video and chat protocols is not just an IT upgrade; it is a necessary progress step for human collaboration.

History of Universal Communications

​Humanity has always sought to connect and share knowledge across distances, whether through ancient letters, telegraphs, or early telephones. However, the history of unifying modern information technology and telecommunications has been a long and winding road. When we look back, a clear pattern emerges: technology only reaches its full potential when strong political will and regulatory bodies step in to establish universal standards.

• ​The Telephone Network: The ability to call anyone in the world didn't happen by accident. It was heavily regulated by the International Telecommunication Union (ITU), a specialized agency of the United Nations. Dating all the way back to 1885 for early telephone regulations, the ITU ensured that different countries and telecom operators adopted uniform operating instructions and standard equipment so that phone calls could seamlessly cross international borders.

• ​Text Messaging (SMS) & Mobile Networks: The ability to text between different mobile carriers was driven by immense political will in Europe. Organizations like the European Conference of Postal and Telecommunications Administrations (CEPT) and later the European Telecommunications Standards Institute (ETSI) were tasked with creating the GSM standard in the 1980s. European governments actively pushed to prevent a fragmented market of incompatible mobile phones, forcing manufacturers and network operators to collaborate on a single, pan-European digital standard that eventually took over the world.

• ​The Internet and Email: In its early days, networks were self-enclosed and not widely used. This changed thanks to the initial funding and political backing of the U.S. Department of Defense (via DARPA), which created the early ARPANET. Eventually, oversight transitioned to global, collaborative engineering bodies like the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C). These groups established open, non-proprietary protocols (like TCP/IP for the web and SMTP for email) that allowed computers everywhere to share information safely, creating one unified global knowledge system.

​If political willpower and international regulatory bodies could unite the global phone network, text messages, and email, they can absolutely do the same with modern video conferencing and live chat. We simply need the industry (and regulators) to prioritize global connection over closed ecosystems.

Hypothetical Future: Accelerated Human Network

​Imagine a world in the near future where the "walled gardens" have finally collapsed. You open your device, running the secure, open-source operating system of your choice, and simply click a contact's name. You don't have to stop and think about whether they use WhatsApp, Messenger, Viber, Zoom, WebEx, Google Meet, Microsoft Teams, or FaceTime on Apple device. You simply start a video call or live text chat, and the universal protocols route your connection securely and instantly across the globe to the right address. The organizer becomes host. The participants connect using the universal communication protocols. And you have synergy of global communication in place.

​Post-Social Media Era: Restoring Human Contact

​This universal interoperability is becoming urgently necessary today. Traditional social media is rapidly declining in popularity as people realize the dangers of algorithm-driven communication technologies that prioritize viral outrage over mental health. Artificial intelligence has almost made it unnecessary to have social media since AI becomes the assistant and the social interaction when no one else is available (which of course has its own dangers we will talk about in the future). As society retreats from these toxic public squares, we are seeing a massive shift back toward direct, authentic human-to-human or contact via private group chats and video calls.

​However, if we rely on these direct communication tools while they are still trapped in corporate silos, our ability to connect remains fractured. Universal protocols will ensure that this new era of direct, simpler, human-centric communication is open to everyone, rather than being controlled by a few gatekeeper companies.

​Exponential Knowledge Exchange with future UC

​In this universally connectable world, global knowledge exchange accelerates exponentially. Researchers, small business owners, and creators can collaborate instantly without technical barriers. By tearing down these digital walls, we could remove the friction of corporate gatekeeping, allowing ideas to flow more freely especially in this AI and quantum age upon us. Perhaps it will help humanity to advance from infantile stage to the next level. But I highly doubt it. I don't know it's 50/50 but I do know that in the long term future. This has to happen Universal communication across all types of formats: text, audio, visual and video, AR, VR and beyond.

Imagine! Mutually assured universal communication (not mutually assured communication silos) with people using live chat or video conference app of choice as we are but it all works with all others.

• So you can have chat groups made of WhatsApp, Viber, Messenger, iMessage, X Chat and RCS users. Or just live chat with anyone in the world safely tied to a phone number.

• Or perhaps arrange a video meeting with people that use Zoom, Google Meet, WebEx, Ms Teams, X Chat and FaceTime? No fuss, organiser sets up and all others recieve and participate. The Organizer is the data host.

• Question for Developers at Apple, Microsoft, Zoom, Google, Microsoft, WebEx, Goto, Viber, WhatsApp, Meta, X and others - question for you, is this technologically possible to setup universal live chat and video conference protocols for everyone by the industry? The internet of rich universal communications would be born much like phone, sms and email.

​We can finally shed the clunky, spam-filled relics of email and traditional phone lines and danger of plain text sms. Instead, humanity could operate on a single, secure, interconnected digital fabric with industry supported universal communication protocols. By building these universal protocols now, we prepare ourselves to work efficiently not just on Earth, but eventually on permanent bases on the Moon, Mars, and beyond. Look how quickly RCS has been adopted as of 2026! What's possible for live chat apps and video conferencing apps in the future?

Happy communicating

Michael Plis

References

• ​Cyberkite Blog 2023: Why Universal Video Conferencing & Chat Protocols are Crucial for Future of Communication by Michael Plis. URL: https://blog.cyberkite.com.au/p/why-universal-video-conferencing

• ​News Article (Messaging Interoperability): Messaging Interoperability: WhatsApp enables third-party chats for users in Europe (Meta Newsroom). URL: https://about.fb.com/news/2025/11/messaging-interoperability-whatsapp-enables-third-party-chats-for-users-in-europe/

• ​Legal/Academic Review (EU DMA): Digital Markets Act and the interoperability requirement: is data protection in danger? (MediaLaws). URL: https://www.medialaws.eu/digital-markets-act-and-the-interoperability-requirement-is-data-protection-in-danger/

• ​News Article (RCS Adoption): Everything to know about Apple RCS support in 2025 (Sinch). URL: https://sinch.com/blog/apple-support-rcs/

• ​Industry Analysis (RCS): RCS is no longer a future vision, it's happening now: the 2025 comeback of rich messaging (Digital Virgo). URL: https://www.digitalvirgo.com/blog/rcs-is-no-longer-a-future-vision-its-happening-now-the-2025-comeback-of-rich-messaging-paving-the-way-for-the-next-generation-messaging-standard-in-2026/

• ​Technical Dispatch (Fediverse): Federated Social Media Platforms (European Data Protection Supervisor). URL: https://www.edps.europa.eu/system/files/2022-07/22-07-26_techdispatch-1-2022-federated-social-media-platforms_en.pdf

• ​Tech Standards News (ActivityPub): Implementing Encrypted Messaging over ActivityPub (Social Web Foundation). URL: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/

• ​Policy Paper (Social Media): A Public, Interoperable Social Media Space (Open Future Foundation). URL: https://openfuture.eu/policies-for-the-digital-commons/interoperable-social-media/

• ​Peer-Reviewed Research Paper (Video Conferencing): Can Video Conferencing Be as Easy as Telephoning?—A Home Healthcare Case Study (Scientific Research Publishing). URL: https://www.scirp.org/journal/paperinformation?paperid=64370

• ​Industry Whitepaper (Video Interop): Video Interop in the Hybrid Work Environment (Webex / Recon Research). URL: https://www.webex.com/content/dam/www/us/en/ebook/solutions/interoperability/Recon-Research-Video-Interop-in-the-Hybrid-Work-Environment_cm-4999.pdf

• ​Protocol Analysis (Video Conferencing): The Latest Video Conferencing Standards and Protocols (Metrigy). URL: https://metrigy.com/the-latest-video-conferencing-standards-and-protocols/

• Star Trek Reference (Subspace & Devices): Communicator (Star Trek) (Wikipedia) – Details the fictional communication devices, the LCARS interface, and the subspace transmission protocols that bypass normal physical limitations for instantaneous contact. URL: https://en.wikipedia.org/wiki/Communicator_(Star_Trek)

• Star Trek Reference (LCARS Operating System): Library Computer Access and Retrieval System (LCARS) (Wikipedia / Memory Alpha) – Details the primary computer operating system used across Federation starships. It provides a unified graphical interface for diverse tasks, including data retrieval, log recording, and secure subspace communications, ensuring universal interoperability regardless of the specific vessel or station. URL: https://en.wikipedia.org/wiki/LCARS

• Star Wars Reference (The HoloNet): HoloNet (Star Wars Universe Wiki) – Explains the galactic communications grid commissioned by the Galactic Senate, which uses hyperwave transceivers and s-threads to route hologram and data communications instantaneously across the galaxy. URL: https://starwars-universe.fandom.com/wiki/HoloNet

• Stargate Reference (Subspace & Alteran Tech): Subspace communication (Vennix Productions / Stargate Wiki) – Details how different cultures (Ancients, Asgard, Goa’uld) utilize subspace communication networks and long-range terminals to transmit data across galaxies. URL: https://vennixproductions.fandom.com/wiki/Subspace_communication

​

Hi Everyone, if you are reading this on your phone or computer, you might notice things look a little different! Over the last few weeks, I’ve been working behind the scenes to streamline our digital experience, and we have officially migrated to our new IT services website at cyberkite.com.au.

Our new booking page is: cyberkite.com.au/#book

Our new service pages:

• IT Support (AUS clients only): cyberkite.com.au/#support

• Cybersecurity Services (AUS Clients only): cyberkite.com.au/#cybersecurity

• Marketing & Website Support (AUS Clients Only): cyberkite.com.au/#marketing

• Innovation & Strategic Consulting (AUS & International Clients): cyberkite.com.au/#consulting

Our new solutions page: cyberkite.com.au/#solutions

Our new about us page: cyberkite.com.au/#about

A number of other pages are there such as Service Rates, Payment Options, Legal Terms and our Blog landing page. We hope you enjoy the simpler experience.

Why did we upgrade the site?

The goal was simple: make getting expert IT, Cybersecurity, and Marketing support as frictionless as possible for Australian small businesses (10 staff or less). Additionally, we are excited to offer Innovation & Strategic Consulting to Australian and International businesses of all sizes.

Back end goals were also simple: tidy up our branding, save on website running costs, make use of latest website tools and make the pages make more sense and refine our service offerings to focus on what Cyberkite does best.

What’s new for our clients?

✅ A lightning-fast, mobile-optimized experience.

✅ Simplified and clarified wording in the AI age.

✅ A crystal-clear booking hub for both remote and Greater Melbourne (AU) onsite support.

✅ New Feature: A complimentary 15-Minute Discovery Call for new clients who need direction on their tech strategy but aren’t sure where to start.

Check out the new site and browse our specific solutions tailored for different industries!

A quick question for you on our blog

How are you enjoying our Substack blog so far at blog.cyberkite.com.au? I love sharing these in-depth articles with our Australian and International readers. If you've been finding these tech and business insights helpful, I would be incredibly grateful if you shared our blog website with other business owners in your network that will benefit!

Check out the new site, browse our specific solutions for different industries, and as always, thank you for reading and supporting Cyberkite as we serve your small business!

Glide online securely,

Michael Plis @ cyberkite.com.au

How AI happened and where we're at?

In 2017, Google researchers published a paper called "Attention Is All You Need" (By Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Lukasz Kaiser, Illia Polosukhin). It introduced the Transformer, the foundational engine that made everything from ChatGPT to Gemini possible. But almost a decade later, we have hit a wall: The Hallucination Ceiling.

​Large Language Models (LLMs) in their current form are ultimately "statistical mimics." They predict the next most likely word based on a massive, often messy, pool of scraped internet data. This is perfectly fine for writing a poem, drafting an email, or brainstorming marketing copy. But it is incredibly dangerous for generating medical advice, writing cybersecurity patches, or conducting structural engineering.

​To reach Artificial General Intelligence (AGI), a system that meets or exceeds human-level reasoning across all fields, we don't just need more data. We need a radical restructuring of how AI "thinks."

​We are moving away from "Generative Intelligence" that guesses, and toward "Verifiable Intelligence" that proves.

​The Death of the Monolith: MoE and SLMs

​For years, the industry trend was simply "bigger is better." But a monolithic model that tries to memorize the entire internet is often a model that masters nothing. The future of architecture relies on two key components: Mixture of Experts (MoE) and Small Language Models (SLMs).

​Power of MoE (Mixture of Experts)

In an MoE system, the neural network is divided into specialized sub-networks. Instead of activating every single parameter to answer a simple prompt, the model uses a dynamic routing mechanism that selectively activates only the most relevant "expert" pathways.

​We are already seeing the evolution of this in action with Google’s current Gemini 3.1 Pro and the imminent shift toward the 3.5 architecture. These models utilize an advanced, hyper-sparse Mixture-of-Experts architecture. This allows the total model capacity to scale massively while keeping the computational cost incredibly low, enabling breakthroughs like real-time reasoning and massive, multi-million token context windows without crashing the grid. When you ask a question about quantum mechanics, the "general" brain doesn't guess; it delegates the task to a highly verified "expert" subset of neurons.

​Rise of "Pristine" SLMs

This expert routing becomes truly powerful when combined with highly specialized Small Language Models (SLMs). Microsoft recently proved the viability of this with the Phi-3-mini. Despite having only 3.8 billion parameters, small enough to run natively on an iPhone, it matches the performance of massive models like GPT-3.5.

​How? By abandoning raw internet noise. Phi-3 was trained on 3.3 trillion tokens of rigorously filtered public documents, high-quality educational materials, and specially created synthetic data.

​Imagine a Physics-SLM that has never read a Reddit thread, a political debate, or a fictional novel. It has only processed verified scientific papers and mathematical proofs. By querying these "Pillars of Truth," we can push AI accuracy from the current ~70-80% to the 99% threshold required for human-level trust.

​Formal Verification: Solving the Hallucination Problem

​The core reason AI hallucinates is that it operates purely in natural language, which is inherently ambiguous. To reach AGI, AI must be grounded in strict logic.

​Google DeepMind’s recent breakthrough with AlphaProof provides the exact blueprint for this. DeepMind built a reinforcement-learning system that combines LLMs with Lean, an open-source programming language and formal proof assistant.

​When AlphaProof is given a math problem, it doesn't just guess the answer in English. It translates the problem into Lean code, solves it mathematically, and uses Lean's automated verification to prove the logic is flawless before it ever outputs the result to the user. There is no need to trust the model blindly because the output is mathematically verified, eliminating hallucinations entirely.

​This methodology, combining Gemini's Deep Think reasoning with formal verification, recently allowed Google's AI to achieve a Gold-medal standard (scoring 35 out of 42 points) at the International Mathematical Olympiad (IMO). 

​This represents a shift to Inference-time Scaling. The AI spends far more compute power "thinking," simulating, and "verifying" its logic before it speaks. It is the difference between a student shouting out the first answer that comes to mind and a scientist methodically showing their work on a chalkboard.

​The Hardware Catalyst: Quantum-AI Synergy

​We cannot talk about the future of AI without talking about the hardware required to run these massive verification loops. Enter Willow, Google’s state-of-the-art 105-qubit superconducting quantum processor.

​Late in 2024, Google announced that Willow achieved a historic milestone: it reduced errors exponentially as the number of qubits scaled, achieving below-threshold quantum error correction. To prove its power, Willow completed a benchmark computation in just five minutes that would take today's fastest supercomputers 10 septillion years.

​More practically, Google recently ran the "Quantum Echo" algorithm on Willow, analyzing the magnetic spins of atoms to reveal molecular structures 13,000 times faster than a supercomputer.

​To reach 99% accuracy in complex, real-world fields like molecular biology, drug discovery, or climate modeling, classical computers simply aren't fast enough. The integration of Quantum Computing into the AI training loop will allow us to simulate the physical world with a fidelity we’ve never seen. We aren't just teaching AI to talk about the world; we are giving it the computational engine to simulate the world's laws perfectly.

​What’s Missing for AGI?

​While MoE, Formal Verification, and Quantum hardware provide the engine, two major hurdles remain to achieve true AGI:

• ​Continuous Learning: Currently, AI models suffer from "catastrophic forgetting." Once they are trained, they are essentially frozen. If you teach them something new, they often overwrite and forget previous knowledge. True intelligence requires the ability to learn continuously from a single mistake in real-time without retraining the entire multi-billion-parameter system.

• ​Episodic Memory: AGI requires persistent, contextual memory. It needs to remember exactly how it solved a problem for you three months ago and apply that context to a new workflow today.

​When we successfully combine specialized SLMs, MoE architecture, and Quantum-verified logic, the "Personal Computer" will officially become the "Personal Expert."

​We are no longer building a tool that answers questions. We are building a system that understands the truth.

Building a brain 🧠

I think to myself the ultimate goal here is to build a controllable intelligence generator that mimics the human brain. But I wonder the more complex we make at the harder it will be to monitor and control.

Understanding real world and understanding at least by automation like precision without consciousness it starts to understand the world yhat humans live in this becoming more useful. That is good as long as we figure out how to control and monitor it and build truthful foundations for it.

If you build the AGI (Artificial General Intelligence) with bias or conflict within it there will be errors. Its interesting how universal truths are required for AI to work. Perhaps thats why our human self aware bains suffer from conflict when we go contrary to our moral principles and such situations.

MoE and SLMs are already being designed and implemented and all these breakthroughs will need to be added to all AIs in order to be financially viable and advance.

Example of the problem is my tests of AI voice mode on Gemini, Grok, ChatGPT and Claude. After approximately 30 minutes recent models collapse by starting to speak sentences with only 2-5 words, sounding like they are short of breath and speaking in a condescending manner. Earlier models I found were a lot easier to have a conversation with. I was able to, for example maintain conversations that were maybe 1 or 2 hours long before the model collapsed. But the new models seem to collapse a lot quicker when exposed to a human intelligence and going deep into a subject in a voice conversation.

Isn’t that amazing that our brain is so complex in our sentient intelligence is too complex for the AI so raved about as advanced.

Cutting corners and rushing into this is foolish and anyone that rushes through this will suffer financially as a company both as the end user and as the developer. So I highly recommend doing it properly. Designing these advancements in such a way is its fully tested and trusted. Data needs to be verified and trusted if we are to go into the 90 to 90% accuracy goal - humans are about 90 to 99% accurate, so for AI to advance it needs to match that. You would it be amazing for the AI to get to 100% accuracy but look if it gets to 90%. That's the inflection point where AI can replace humans on mass at least in white collar jobs where direct human to human contact is not necessary.

I'm eagerly and worryingly watching the development of AI in the coming months and years. The stakes are high for everyone and the dangers are immense.

Subscribe to Cyberkite blog to keep on top of these developments from a small business perspective.

Happy Computing

Michael Plis

References

​1. The Foundation of Modern AI Architecture

• ​Attention Is All You Need (The original Transformer paper) https://arxiv.org/abs/1706.03762

​2. Mixture of Experts (MoE) & Google Gemini

• ​Our next-generation model: Gemini 1.5 (Google DeepMind's transition to MoE) https://deepmind.google/discover/blog/our-next-generation-model-gemini-15/

​3. Small Language Models (SLMs)

• ​Introducing Phi-3: Redefining what’s possible with SLMs (Microsoft) https://azure.microsoft.com/en-us/blog/introducing-phi-3-redefining-whats-possible-with-slms/

​4. Formal Verification & Logical Grounding

• ​AI achieves silver-medal standard solving International Mathematical Olympiad problems (AlphaProof) https://deepmind.google/discover/blog/ai-achieves-silver-medal-standard-solving-international-mathematical-olympiad-problems/

​5. Quantum Computing & AI Synergy

• ​Meet Willow, our state-of-the-art quantum chip (Google) https://blog.google/technology/research/google-willow-quantum-chip/

6. DeepLearning.ai (The Batch)

• ​Article: Google Releases Gemini 3.1 Pro In Preview, Tops Intelligence Index at Same Price

• ​Quote: "The model is a sparse mixture-of-experts transformer... Input/output: Text, images, PDFs, audio, video in (up to 1 million tokens)... Architecture: Mixture-of-experts transformer."

• ​URL: https://www.deeplearning.ai/the-batch/google-releases-gemini-3-1-pro-in-preview-tops-intelligence-index-at-same-price/

​7. Weights & Biases (W&B AI Team)

• ​Article: Tutorial: Get started with Google Gemini 3.1 Pro

• ​Quote: "Gemini 3.1 Pro is built on top of Gemini 3 Pro and follows a Sparse Mixture of Experts (MoE) transformer architecture with native multimodal support for text, vision, and audio inputs. The context window supports up to 1 million tokens..."

• ​URL: https://wandb.ai/ai-team-articles/gemini-3.1-pro/reports/Tutorial-Get-started-with-Google-Gemini-3-1-Pro--VmlldzoxNTk4NzY5MA

​8. Tech Reviews / Benchmarking (Medium)

• ​Article: Gemini 3.1 Pro Test: Is It the Perfect LLM?

• ​Quote: "Gemini 3.1 Pro is built on an advanced Sparse MoE (Mixture of Experts) architecture and introduces a brand-new 'Deep Think' mode. Think of it as a smart dispatch center: when faced with complex problems, it automatically activates the most relevant 'experts' and spends more time breaking down multi-step reasoning tasks."

• ​URL: https://medium.com/@302.AI/gemini-3-1-pro-test-dethroning-claude-4-6-to-take-the-crown-is-it-the-perfect-llm-964a09ed59d5

9. Google DeepMind AlphaProof https://deepmind.google/blog/ai-solves-imo-problems-at-silver-medal-level/

Google Chrome has recently overhauled its security tools to be much more proactive. Here are the most important live security features you should activate to protect your browsing data.

Some new security enhancements to Chrome browser & OS have recently been added since version 84.0.4147.135 onward. I’ve also included some tips on turning on additional Chrome browser & Chrome OS security features to further enhance your online security.

Automatic "Safety Check"

Chrome’s Safety Check feature now runs automatically in the background. It continuously monitors your browser health, alerts you to compromised passwords, revokes permissions from sites you haven’t visited recently, and flags deceptive notifications.

• How to view your Safety Check status:

  • Open Chrome and click the three dots (⋮) in the top right.

  • Click Settings.

  • Select Privacy and security on the left menu.

  • Under the Safety Check section, review any recommended actions (like removing a bad extension or updating a compromised password).

Enhanced Protection (Real-Time Safe Browsing)

Standard protection relies on a static list of known bad websites. Enhanced Protection goes a step further by using real-time AI to actively scan for new, unknown phishing sites and malware before they can load on your screen.

• How to turn it on:

  • Go to Settings > Privacy and security > Security.

  • Under the Safe Browsing section, select Enhanced protection.

How to use Safe Browsing.

Use Secure DNS

This feature encrypts your web traffic requests so your internet service provider (or anyone snooping on your local network) cannot easily track which websites you are visiting.

• How to turn it on:

  • Go to Settings > Privacy and security > Security.

  • Scroll down and toggle on Use secure DNS.

  • Select the With option and choose a secure provider from the drop-down menu (such as Google Public DNS or Cloudflare or one of other 4 providers including one that has CleanBrowsing (porn filter)).

How to use Secure DNS (Under subheading Use secure connection...). You may need to re-tick and tick as it seems to drop off initially. Important: If your device is managed by your Organisation or parental controls are turned on, you can’t use Chrome’s secure DNS feature.

One-Time Permissions

Instead of permanently giving a website access to your microphone, camera, or location, you can now grant permission for a single session. Once you close the tab or leave the site, Chrome automatically revokes the access.

• How to use it:

  • When a website asks for access (e.g., to your microphone), a prompt will appear near the address bar.

  • Select Allow this time.

HTTPS-First Mode

This setting forces Chrome to upgrade all your website connections to a secure, encrypted format (HTTPS). If a site doesn’t support encryption, Chrome will display a full-page warning before letting you proceed.

• How to turn it on:

  • Go to Settings > Privacy and security > Security.

  • Scroll down to Advanced and toggle on Always use secure connections.

Disable Ad Privacy Tracking (Topics API)

Chrome is phasing out old third-party cookies, but it has replaced them with a system that profiles your browsing history directly within the browser itself to serve you targeted ads. For maximum privacy, you should turn this off.

• How to disable it:

  1. Go to Settings > Privacy and security > Ad privacy.

  2. Go into Ad topics, Site-suggested ads, and Ad measurement, and toggle all of them off.

Audit Your Site Permissions

Over time, we give dozens of websites access to our camera, microphone, and location. Chrome automatically removes permissions from sites you haven’t visited recently to protect your data, but doing a manual cleanup is highly recommended.

• How to review them:

  1. Go to Settings > Privacy and security > Site settings.

  2. Review the permissions for Camera, Microphone, and Location, and remove access for any sites you don’t recognize or need.

Use Separate Browser Profiles (Crucial for Sole Traders)

Mixing personal browsing, business admin, and financial tasks in one browser window is a major risk. If you accidentally click a bad link while doing personal browsing, it could compromise your logged-in business accounts.

• How to set it up:

  1. Click your Profile picture in the top-right corner of Chrome.

  2. Click Add profile.

  3. Create distinct profiles (e.g., “Cyberkite Admin”, “Personal”, “Finance”) and give them different color themes so you immediately know which environment you are in.

Password Checkup (Audit for Compromised Credentials)

If you use Chrome’s built-in password manager, you should regularly scan your saved logins to see if any have been exposed in third-party data breaches, or if you are using weak and reused passwords.

• How to run the checkup:

  1. Open Chrome and click the three dots (⋮) in the top right corner.

  2. Hover over Passwords and autofill and select Google Password Manager.

  3. On the left-hand menu, click Checkup.

  4. Chrome will categorize your passwords into: Compromised, Reused, and Weak.

  5. Click on any flagged passwords and follow the prompts to go to the associated website and update them immediately.

It will do the check for websites that have had their password compromised. (If you sync your passwords under Chrome browser/Google account). This replaces the Password Checkup extension that Google has deprecated from 31 August 2020. About new Password Checkup (Under subheading Check your saved passwords)

Login to web based Google Account Password Manager with your Google account & select Go to Password Checkup and change passwords for any sites that use same password to a unique for each and save it in Chrome synched with Google account.

How to use Password Checkup on online Google Password Manager.

Optimize Google Password Manager Settings

If you use Chrome’s built-in password manager, you should adjust two critical settings to protect your saved logins from both physical snooping and hidden phishing scripts.

• Require Authentication to Autofill (Windows Hello / Mac Screen Lock) By default, anyone sitting at your unlocked computer might be able to use your saved passwords. You can force Chrome to ask for your fingerprint, face scan, or computer PIN before it fills in a password.

  • How to turn it on:

    1. Go to Settings > Autofill and passwords > Google Password Manager.

    2. Click on Settings in the left-hand menu.

    3. Toggle ON the option for Use Windows Hello when filling passwords (on Mac, this will say Use your screen lock when filling passwords).

• Disable “Sign in automatically” (Anti-Phishing Shield) If this is turned on, malicious scripts on compromised websites can sometimes trick your browser into automatically submitting your saved credentials into invisible forms without you clicking anything. Turning this off ensures you are always in control of when your password is submitted.

  • How to turn it off:

    1. In the same Google Password Manager > Settings menu.

    2. Toggle OFF the switch for Sign in automatically.

Suggest Strong Password (The Built-In Generator)

When you are creating a new account or updating an old password, you shouldn’t reuse an old one or try to invent a new one yourself. Chrome has a built-in generator that creates a long, complex, and unique password for you, and saves it automatically.

How to use it:

1. Make sure you are signed into your Google Account in Chrome and that password syncing/saving is turned on.

2. Go to a website and begin signing up for an account.

3. Click on the text box where you need to enter a new password.

4. A prompt will appear saying Suggest strong password (if it doesn’t appear, right-click the text box and select Generate password).

5. Click Use suggested password. Chrome will fill it in and automatically save it to your Google Password Manager.

When setting up a new account on a site right click on the password field & select “Suggest strong password“ & save them to Google account via Chrome sync. How to use Suggest strong password.

Note: Instructions on Turning sync on and off in Chrome (Important: Only turn on Chrome sync with devices you own. If you’re using a public computer, use guest mode instead.)

Turn on 2-Step Verification (2SV) for Your Google Account

Turning on 2-Step Verification (also known as two-factor authentication) adds a critical extra layer of security to your account. Because it requires both something you know (your password) and something you have (your device), it makes it incredibly difficult for hackers to gain access, even if your password is stolen.

How to turn it on 2SV

1. Open your Google Account settings.

2. On the left navigation panel, click Security.

3. Scroll down to the “How you sign in to Google” section and select 2-Step Verification.

4. Click Get started and follow the on-screen steps.

Choose Your Second 2SV Step

Google offers several ways to verify it’s you. It is highly recommended to set up multiple verification methods in case you ever lose your primary device:

• Passkeys (Simplest & Safest): This lets you sign in using your device’s built-in fingerprint reader, face scan, or screen lock PIN. Passkeys exist only on your devices and cannot be accidentally given to a bad actor, making them highly secure.

• Google Prompts: If you don’t use a passkey, Google strongly recommends using Prompts. Google sends a push notification to your smartphone where you simply tap Yes to allow the sign-in or No to block it. Prompts help protect against SIM swap and phone number-based hacks.

• Authenticator App: Apps like Google Authenticator generate temporary verification codes on your phone, even when you do not have an internet connection.

• Backup Codes (Crucial Fallback): Generate and save a set of backup codes. These single-use codes are the only way to ensure you can access your account if you ever lose your phone, factory reset it, or are completely offline. Store them in a safe place or a password manager.

How to do it. And read up more on 2 Factor Authentication on Google account.

Keep Chrome Updated

The absolute most critical security feature is keeping the browser up to date, as these updates patch active vulnerabilities that hackers exploit.

• How to check and update manually:

  • Click the three dots (⋮) > Help > About Google Chrome.

  • Chrome will automatically check for updates and download them. Click Relaunch to apply the updates.

Well wishes

I hope the enhancements that you have turned on will help you browser safer online because the digital threats are out there. So the best defence is a good offence. And Just like Victorian WorkCover ad’s used to say but I’ve modified for Cybersecurity:

Look it

Think it

Don’t click it (if in doubt)

Happy computing

Michael Plis

​Then, this week, the illusion shattered.

​The Dow plunged 800 points, and the software sector lost over $200 Billion in market capitalization almost overnight. The catalyst wasn't a change in interest rates or a bad jobs report. It was a 7,000-word thought experiment by Citrini Research titled "The 2028 Global Intelligence Crisis", a viral paper that forced the financial world to confront a terrifying question:

​What if AI is so good for corporate efficiency that it actually breaks the economy?

​We have officially entered a new phase of the technological revolution. We are shifting from AI that "chats" to Agentic AI that "works." And as we are about to find out, the consequences of that shift are going to rewrite the social contract.

​Paradox of Hyper-Efficiency

​The core thesis of the viral "Doomsday AI" report is simple, realistic, and entirely devoid of science-fiction tropes like rogue terminators. The threat isn't that AI will turn evil; the threat is that it will do exactly what we built it to do, but far too quickly.

​Right now, companies are racing to integrate Agentic AI, systems capable of autonomous reasoning, navigating file systems, and executing multi-step workflows. The immediate micro-economic result is fantastic: profit margins soar because companies can achieve the same output with 30% fewer white-collar workers.

​But macro-economics is a closed loop.

​When every Fortune 500 company simultaneously replaces mid-level knowledge workers with AI agents to cut costs, they are collectively firing their own consumer base. If the white-collar middle class is hollowed out, who buys the software subscriptions, the cars, the mortgages, and the consumer goods?

​This is the "AI Disruption Tax." Wall Street panicked this week because they suddenly realized that the hyper-efficiency of AI might trigger a massive deflationary spiral, destroying the revenue models of the very tech companies building the infrastructure.

​The End of the "Safe" Tech Job

​If you thought your specific niche of knowledge work was immune to this, this week provided a sobering reality check.

​Simultaneous with the viral report, Anthropic released a new AI capability specifically designed to write, translate, and modernize legacy COBOL code.

​To the average person, that sounds like technical jargon. To the enterprise tech world, it was an earthquake. COBOL is a decades-old programming language that still runs the backends of major global banks and governments. Because it's so old, human engineers who know COBOL are rare, highly sought after, and incredibly expensive. Legacy giants like IBM have built massive, stable revenue streams simply by maintaining this ancient code. It was considered the ultimate "safe, boring, highly-paid" tech moat.

​In a single afternoon, AI automated it. IBM’s stock subsequently suffered its worst single-day drop since the year 2000.

​The message is clear: There is no longer a "safe" harbor in pure logic or data processing. If a job relies solely on sitting at a keyboard, analyzing information, and producing digital output, an AI agent will soon do it faster and cheaper.

​What the Future Holds: Pivot to "Wisdom Work"

​So, where does this leave us as we look toward the 2030s? If the "Doomsday" scenario is a possibility, how does society adapt?

​1. The Rise of the "Human Premium"

As digital output becomes infinite and practically free, it will lose its value. In a world where AI can generate a flawless 50-page strategic analysis in three seconds, the analysis itself becomes a commodity.

What will command a premium is trust, relationship, and lived human experience. We will see a shift from "Knowledge Work" to "Wisdom Work." People won't pay for the data; they will pay for a trusted human to tell them how to feel about the data.

​2. A Radical Restructuring of the Tech Economy

The software-as-a-service (SaaS) model is in grave danger. Why pay $100,000 a year for 50 specialized software subscriptions when your company’s internal AI agent can just custom-code the exact tools you need on the fly? Tech companies will have to pivot from selling "tools" to selling "outcomes," fundamentally changing how Silicon Valley operates.

​3. The Inevitable Policy Reckoning

We can no longer ignore the conversation around systemic economic safety nets. If Agentic AI permanently displaces 20% of the white-collar workforce over the next five years, traditional unemployment systems will collapse. Conversations around Universal Basic Income (UBI), robot taxes, or "human-in-the-loop" mandates will move from fringe academic debates to the center stage of global politics.

​The Inflection Point

​The market crash this week wasn't a glitch; it was a wake-up call. We spent the last three years marveling at the parlor tricks of generative text and image models. We are now entering the era of applied intelligence.

​AI is the most powerful tool humanity has ever created. But this week proved that we are severely underestimating the shockwaves it will send through the very foundation of how we work, earn, and live.

​I want to hear from you in the comments:

• Do you think the market's fear of the "AI Disruption Tax" is justified, or is this just another technological panic that will eventually create more jobs than it destroys?

• How is your specific industry preparing for Agentic AI?

​Let’s discuss below.

Happy computing

Michael Plis

References

• CITRINI: THE 2028 GLOBAL INTELLIGENCE CRISIS: https://www.citriniresearch.com/p/2028gic

• The Viral Doomsday Report Fallout (Entrepreneur): Detailed coverage on how the Citrini Research hypothetical scenario caused a massive sell-off in names like Datadog, CrowdStrike, and Amex: https://www.entrepreneur.com/news-and-trends/the-dow-dropped-800-points-was-a-viral-ai-report-to-blame/502954

• IBM’s Historic 13% Plunge & The Anthropic Threat (AI Dispatch/Jobright intel): Analysis of how Anthropic's new COBOL automation tool triggered IBM's worst single-day drop in 25 years: https://hipther.com/latest-news/2026/02/25/107637/ai-dispatch-daily-trends-and-innovations-february-25-2026-anthropic-openai-ibm-gemini-3-1-pro-hes-fintech/

• The Broader Market Contagion (Reuters): Tracking the FTSE and US Stock Futures as tariff uncertainty and AI disruption fears dominate the morning bids: https://thetruestory.news/en/world/story/ec46e589-11af-11f1-bdec-a8a1590471b5

• "Doomsday AI" Origin Story: The Guardian: ‘A feedback loop with no brake’: how an AI doomsday report shook US markets: A fantastic breakdown of the original Citrini Research report ("The 2028 Global Intelligence Crisis") authored by James Van Geelen and Alap Shah. It details how their hypothetical scenario of AI agents removing all economic "friction" would effectively destroy the margins of middlemen like travel agencies, SaaS platforms, and traditional payment providers: https://www.theguardian.com/technology/2026/feb/24/feedback-loop-no-brake-how-ai-doomsday-report-rattled-markets

• The Deflationary Spiral & The SaaS Threat: Quartz: How an AI doomsday Substack post caused a mini market crash: This piece dives deep into the macroeconomic theory behind the crash. It explores the concept of the "human intelligence displacement spiral"—a scenario where AI drives down white-collar wages and causes mass layoffs, which in turn destroys consumer spending and creates a negative feedback loop. It explicitly highlights why the U.S. "white-collar services economy" is so uniquely vulnerable to Agentic AI: https://qz.com/doomsday-substack-post-rattles-markets

• The Fall of the COBOL Empire: CIO: Anthropic's claim that AI can quickly refactor COBOL rattles IBM investors: A must-read for enterprise tech professionals. This article explains exactly how Anthropic's new "Claude Code" agent is automating the highly complex, consultant-heavy process of mapping and modernizing decades-old COBOL infrastructure. It provides the crucial context for why this specific AI release triggered a historic 13% single-day drop in IBM's stock, wiping out roughly $40 billion in market value: https://www.cio.com/article/4137185/anthropics-claim-that-ai-can-quickly-refactor-cobol-rattles-ibm-investors.html

• The Hardware Reality Check: Tom's Hardware: Anthropic's new AI tool can write 67-year-old COBOL code...A more technical look at the legacy code dilemma. It explains why COBOL has survived this long (handling fixed-point decimal math for 95% of global ATM transactions) and why reverse-engineering it was previously considered too expensive for humans to bother with—until AI Agentic coders arrived: https://www.tomshardware.com/tech-industry/big-tech/ibm-stock-takes-a-13-percent-whiplash-after-anthropic-announces-an-ai-tool-for-writing-cobol-code-stock-has-worst-day-since-2000-and-is-down-25-percent-mom-and-counting

The problem

​If you’ve turned on your Windows PC recently and felt a distinct rise in blood pressure, you are not alone.

​There is a palpable sense of exhaustion in the tech community right now. For decades, the Operating System was a tool, a quiet, stable foundation upon which we built our digital lives. We owned the hardware, we installed the OS, and it served us.

​Somewhere in the last few years, that dynamic inverted. We no longer use Windows; Windows uses us.

​The current state of Windows 11 is not just a matter of bad design choices or buggy updates. It is the result of a fundamental shift in corporate philosophy at Microsoft, accelerating under CEO Satya Nadella, that views the desktop not as a user’s sanctuary, but as corporate real estate ripe for aggressive monetization, data harvesting, and forced feature injection.

​We are living through a crisis of the personal computer. It’s time to diagnose the disease and look seriously at the escape routes.

​The Diagnosis: "Enshittification" by Design

​Tech commentator Cory Doctorow famously coined the term "enshittification" to describe how platforms decay: first they are good to their users, then they abuse their users to make things better for their business customers, and finally, they abuse those business customers to claw back all the value for themselves.

​Windows 11 is perhaps the most glaring example of this phenomenon in the hardware space.

​As highlighted in excellent recent analyses, including ColdFusion’s viral breakdown "The Windows 11 Crisis," the OS has become actively hostile to its user base. This isn't accidental; it's architectural.

​Here is the reality of the modern Windows experience:

​1. The AI Bloatware Nobody Asked For

​Microsoft has bet the farm on OpenAI, and Windows users are paying the price. The integration of COPILOT is not a helpful feature; it is an intrusive layer of surveillance and resource drain jammed into the taskbar.

​They are trying to force a paradigm shift to AI-based computing by making the traditional desktop experience worse. The recent debacle regarding "RECALL", a feature designed to constantly screenshot your activity, was a mask-off moment for privacy advocates. Even when "off," the infrastructure for massive user surveillance is being baked into the kernel.

​2. The Telemetry Mosquito

​Try setting up a Windows 11 Pro machine today without a Microsoft account. It requires registry hacks or disconnecting the internet at precise moments. Why? Because a local account generates less data. Microsoft’s insistence on tethering your local machine to their cloud is about control and telemetry. They want to know what you launch, how long you use it, and where you click, feeding the advertising beast.

​3. The E-Waste Generator (Hardware Requirements)

​Perhaps the most cynical move with Windows 11 was the arbitrary hardware gatekeeping, specifically the TPM 2.0 requirement. Overnight, millions of perfectly capable, powerful CPUs from just a few years ago were declared obsolete.

​This isn't about security; if it were, they wouldn't allow those requirements to be bypassed so easily by enthusiasts. It is about forced obsolescence designed to juice PC sales, creating an environmental disaster of perfectly functional e-waste in the process.

​4. The Tyranny of Updates

​We still live in a world where you can walk away from your PC for a coffee and come back to find it rebooting for an update you explicitly paused, potentially losing work. The user is not trusted to manage their own machine.

​The Landscape Survey: Weighing the Contenders

​If we judge an operating system on the basic pillars of Stability, Privacy, Resource Efficiency, and User Control, how does the current landscape stack up?

​The Incumbent: Windows 11

• ​Verdict: Fails on nearly every metric except software compatibility. It is unstable, privacy-invasive, bloated, and actively wrests control away from the user. It is heading in a dystopian direction.

​The Walled Garden: macOS

• ​Verdict: Many frustrated Windows users look to Apple as the premium escape hatch. But be careful. While macOS is currently more polished and private than Windows, Apple is marching toward the exact same destination, just taking a scenic route.

• ​Apple's control over their ecosystem is absolute. They are increasingly locking down the OS, fighting right-to-repair, and introducing their own unavoidable "Apple Intelligence" layers. It is not an open alternative; it is just a nicer cage.

​The Sanctuary: The Brilliance of Linux

• ​Verdict: If you value control, privacy, and efficiency, Linux is no longer just a viable alternative; it is the superior choice.

• ​The strides made by distributions like Linux Mint (for those wanting a familiar feel), Ubuntu (for ease of support), and Fedora or Debian (for rock-solid stability) are staggering.

• ​Modern Linux takes resources that Windows 11 chokes on and makes them fly. It respects your privacy by default. It updates when you tell it to. It is the last bastion of the "Personal Computer" ethos. The gaming landscape, thanks to Valve's Proton, has also largely been solved.

​The Future horizon: Chrome OS and "Aluminum" OS

• ​Verdict: We must also look ahead. For the vast majority of users who live in a browser, the heavy, bloated desktop OS is overkill.

• ​Chrome OS has quietly cornered the market on simplicity and security. But the real excitement is brewing around Google’s rumored push to merge Android’s capability with a desktop interface, often referred to in leaks as a project akin to "Aluminum OS."

• ​A lightweight, incredibly cheap, ARM-based future designed for web apps and Android integration is coming. It will likely run better on older resources than Windows ever could, posing the first real existential threat to Microsoft's dominance in the casual market.

How to transition from Windows to Linux

The idea of deleting Windows and installing a completely new operating system sounds terrifying to most people. Microsoft relies on that fear to keep you locked in.

​But the reality? Installing a modern Linux distribution in 2026 is often faster and requires fewer reboots than a major Windows 11 update. Here is your straightforward, step-by-step escape plan.

Service note: If you are based in Australia and your small business location switching to Linux, you can book me in via cyberkite.com.au

​1. Pick Your Sanctuary (Choose a "Distro")

Linux isn't just one operating system; it comes in different flavors called "distributions" or "distros."

• ​The Best Starting Point: Download Linux Mint (Cinnamon Edition). It is specifically designed to feel incredibly familiar to Windows users. The start menu, taskbar, and system tray are right where your muscle memory expects them to be.

• ​The Alternatives: Ubuntu (highly supported and widely used) or Fedora (for those wanting cutting-edge updates) are also fantastic, user-friendly choices.

​2. Back Up Your Digital Life

Before you do anything, back up your important files, photos, and documents to an external hard drive or a cloud service. Transitioning is safe, but human error happens. Protect your data first.

​3. Forge the Key (Create a Bootable USB)

You will need a USB flash drive (at least 8GB).

• ​Download the .iso file of your chosen Linux distro from their official website.

• ​Download a free, open-source tool like Rufus (Windows) or BalenaEtcher (Mac/Windows).

• ​Use the tool to "flash" or write the Linux .iso file onto your USB drive. This turns your thumb drive into a mini, self-contained computer.

​4. Take the "Live" Test Drive

Here is the absolute best part about Linux: You can try it before you install it.

Plug the USB into your PC and restart. As your computer boots up, press the key to enter your boot menu (usually F12, F2, or Del) and select the USB drive.

Linux will boot into a "Live Environment." It runs entirely off the USB stick without touching your Windows hard drive. Connect to your Wi-Fi, open the web browser, play a video, and see how snappy it feels. If you don't like it? Just unplug the USB and restart. You’ll be right back in Windows 11.

​5. Make the Jump (Installation)

If you love the test drive, look for the "Install Linux" icon right there on the live desktop. The installation wizard will guide you through the process. It will give you two main options:

• ​Dual Boot: Install Linux alongside Windows. Every time you turn on your PC, it will ask which OS you want to use. (Great for keeping Windows around for that one specific app or game you can't part with).

• ​Wipe the Slate Clean: Erase Windows entirely and give your PC a fresh, telemetry-free life.

​6. Embrace the FOSS (Free and Open Source Software) Ecosystem

Once installed, you’ll discover that almost everything you do in a web browser (Chrome, Firefox, Edge, Brave) works exactly the same. For desktop apps, there is a rich ecosystem of free replacements:

• ​Instead of Microsoft Office, use LibreOffice or OnlyOffice.

• ​Instead of Photoshop, use GIMP or Krita.

• ​Instead of Premiere Pro, use DaVinci Resolve or Kdenlive.

• ​For gaming, simply install Steam. Thanks to Valve’s "Proton" compatibility layer, the vast majority of your Windows games will run seamlessly on Linux.

​The Final Word:

There is a slight learning curve, as there is with any new tool. But once you realize your computer updates only when you tell it to, doesn't scan your files for advertising data, and runs faster than the day you bought it, you will wonder why you didn't switch years ago. I've been a long time Windows user but I have had training in Linux over the years. So these are some of the things you have to think about. Can you adjust but as the steps above showed you can test drive without installing.

How to transition from Windows to Chrome OS

In the future Chrome will be replaced with Aluminum OS so if you just exist on the browser then Chrome is one of the most secure operating systems ever devised. And you're ready for transition one day to aluminum OS potentially. Even if you continue on Chrome and not switch to aluminum OS, you will still be able to use it for many years to come according to Google.

If the idea of installing Linux still feels a little too "tech-heavy" for your daily needs, there is a second, highly effective escape route: ChromeOS Flex.

​Google created ChromeOS Flex specifically to rescue older Windows and Mac computers from the e-waste bin. It replaces your bloated Windows installation with the same lightning-fast, secure, and cloud-first operating system that runs on Chromebooks. If 90% of your computing happens inside a web browser, this is the ultimate upgrade for an aging machine.

Service note: If you are based in Australia and your small business location switching to Linux, you can book me in via cyberkite.com.au

​Here is exactly how to make the switch:

​1. Secure Your Files

Just like any operating system change, ChromeOS Flex will eventually wipe your hard drive. Back up all your local documents, photos, and files to an external drive or Google Drive before proceeding.

​2. Prepare the Tools

You will need two things:

• ​A USB flash drive with at least 8GB of storage (Note: everything on it will be erased).

• ​A computer with the Google Chrome browser installed.

​3. Build the Installer (The "Recovery Utility")

• ​Open Google Chrome and go to the Chrome Web Store.

• ​Search for and install the Chromebook Recovery Utility extension.

• ​Click the extension puzzle piece in the top right of your browser and launch the utility.

• ​Click Get Started. When asked to identify your Chromebook, click "Select a model from a list."

• ​For the manufacturer, choose Google ChromeOS Flex. For the product, choose ChromeOS Flex.

• ​Insert your USB drive, select it from the dropdown, and hit Create now. Grab a coffee; this takes about 10-15 minutes.

​4. The "Live" Test Drive

Like Linux, ChromeOS Flex lets you try before you commit.

Keep the USB plugged in and restart your PC. As it boots, tap your computer's boot menu key (usually F12, F2, F8, or Del depending on your PC brand) and tell it to boot from the USB drive.

You will be greeted by the ChromeOS welcome screen. Select "Try it first" (or boot from USB). This lets you connect to Wi-Fi, log into your Google account, and make sure your keyboard, trackpad, and sound all work perfectly before making any permanent changes.

​5. Make it Permanent

If your old PC suddenly feels fast and snappy again, it's time to commit.

Click the "Install ChromeOS Flex" button on the screen. The system will wipe Windows off the map and install the lightweight OS directly to your hard drive.

​6. Welcome to the Cloud

Once installed, simply log in with your Google account. Your bookmarks, passwords, and extensions will sync immediately. You now have a computer that boots in seconds, updates seamlessly in the background, and is completely immune to the telemetry and bloatware of Windows 11.

In the future, Google may give you the option to upgrade to Aluminum OS when it becomes available which will have additional features.

But in a way aluminum OS will probably be a formal Linux because Android and Chrome will be blended together. So in a way the path is Linux either way.

​The Inflection Point

​We are at a crossroads. We can continue to accept an operating system (Windows) that treats us as data cattle, accepting forced AI integration and privacy violations as the "cost of doing business."

​Or, we can recognize that the era of Windows as the default is over.

​The friction required to switch to Linux Mint today is less than the daily friction of dealing with Windows 11's hostility. Likewise the shift towards lightweight, web-first OSs is inevitable for the mass market.

​The computer is yours. It's time the operating system remembered that.

And whatever you decide you have options that are very good.

Questions for the readers:

• ​What is your breaking point with Windows 11?

• Have you already made the jump to Linux, or are you waiting for a better alternative?

• Share your experiences in the comments below.

​[Subscribe] to receive future deep dives into the tech ecosystem directly to your inbox from me 😀

Happy computing

Michael Plis

References

​If you want to dive deeper into the data and reporting behind this shift, here are the essential reads and watches:

• ​The Windows 11 Crisis (ColdFusion Video) A masterclass breakdown of how Microsoft's design philosophy shifted from user-first to data-first, and why the current Windows iteration feels so hostile. 🔗 Full Video: https://youtu.be/zKjo8Oc2qLk?si=HQKUGPzs2J6F9DIU

• ​The "Enshittification" of Platforms (Cory Doctorow / Wired) The original, defining essay by Cory Doctorow explaining the economic and structural lifecycle of how platforms (like Windows) slowly degrade their user experience to extract maximum value. 🔗 Full Article: https://www.wired.com/story/tiktok-platforms-cory-doctorow/

• ​The 240-Million PC E-Waste Disaster (Reuters / Canalys Report) Detailed reporting on the environmental catastrophe caused by Microsoft's arbitrary TPM 2.0 hardware requirements, turning hundreds of millions of functioning PCs into landfill. 🔗 Full Article: https://www.reuters.com/technology/microsofts-windows-11-end-life-could-turn-240-million-pcs-into-e-waste-2023-12-21/

• ​The Windows "Recall" Privacy Backlash (The Verge) A look into the massive security and privacy fallout regarding Microsoft's attempt to integrate a constant AI screenshot-taking feature into the OS kernel. 🔗 Full Article: https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-privacy-changes

• ​The Linux Escape Hatch (Linux Mint) If you are ready to make the jump, Linux Mint is widely considered the best transitional operating system for frustrated Windows users. It's free, open-source, and respects your privacy. 🔗 Official Site: https://linuxmint.com/

If you’ve been waiting for the moment when Artificial Intelligence stops being a buzzword and starts being the fundamental operating system of cybersecurity, Google Cloud says that moment is 2026.

​I just finished analyzing the Google Cloud Cybersecurity Forecast 2026, a report that explicitly avoids crystal ball gazing in favor of data-driven extrapolation. The findings paint a picture of a world that is faster, more automated, and significantly more complex than the one we defend today.

​We are moving away from the era of Alert Fatigue and entering the era of Agentic Warfare. Here is what that means for defenders, leaders, and the digital ecosystem.

​1. Rise of the Agentic SOC

For years, the Security Operations Center (SOC) has been defined by burnout. Analysts drown in logs, desperately trying to correlate data points before the breach spreads.

​In 2026, the analyst’s role fundamentally shifts from investigator to director.

​The report introduces the concept of the Agentic SOC. In this model, AI agents handle the heavy lifting of data correlation and hypothesis testing. Imagine an analyst asking their AI, "Hunt for TTPs related to UNC5221 across our environment," and the AI returning not just a list of logs, but a fully drafted threat report with attribution and mitigation strategies.

​This isn't about replacing humans; it's about "supercharging" them. The AI creates the case summary; the human makes the strategic decision to contain the threat.

​Dark Side: Shadow Agents

​However, this agentic power comes with a massive blind spot. Just as we spent the last decade fighting Shadow IT, 2026 will be the year of Shadow Agents, autonomous AI workflows deployed by employees without IT approval.

​The Industry Reality: The shift is already here. Recent data reveals that 98% of organizations now have employees using unsanctioned AI apps. Even more concerning is the volume of data: GenAI traffic surged more than 890% in 2024, creating a massive, unmonitored data exodus that traditional tools are missing.

​The Takeaway: We need a new discipline of "Agentic Identity Management." We must treat AI agents as distinct digital actors with their own identities, access logs, and "least privilege" constraints.

​2. Adversary’s Toolkit: Vishing and Deepfakes

While defenders are building Agentic SOCs, attackers are weaponizing AI to hack the most vulnerable OS of all: the human being.

​The forecast predicts that groups like ShinyHunters (UNC6240) will accelerate the use of AI-enabled social engineering, specifically vishing (voice phishing) that clones executive voices with hyper-realistic precision.

​The Industry Reality: The barrier to entry has collapsed, and the costs are skyrocketing. Deepfake-related fraud losses hit $1.1 billion in 2025—tripling the losses from 2024. This isn't a theoretical risk; it is an active financial hemorrhage, with 83% of these losses originating from scams on social platforms.

​3. Skeleton Key Hack: Virtualization Under Siege

​Perhaps the most technically alarming trend is the pivot toward virtualization infrastructure. Attackers have realized that if they can’t beat the EDR agent inside the OS, they can just go underneath it.

​Adversaries are targeting the hypervisor, the foundational layer hosting your virtual machines. This is a Skeleton Key scenario. A successful breach here allows attackers to encrypt hundreds of servers simultaneously, rendering an enterprise inoperable in hours.

​The Industry Reality: Attackers are moving fast to exploit this blind spot. In 2024, 45% of retail organizations were hit by ransomware, with a marked shift toward infrastructure-aware attacks targeting layers like VMware ESXi. Active exploitation of vulnerabilities in these layers is allowing groups to bypass guest-level security entirely.

​4. On-Chain Criminal Economy

Cybercrime is also getting a Web3 upgrade. The report forecasts that ransomware and extortion groups will move core components of their infrastructure, like Command and Control (C2), onto public blockchains. This makes their operations immutable and nearly impossible to take down.

​The Industry Reality: This shift is being funded by historic theft levels. In the first half of 2025 alone, criminals stole nearly $2.17 billion in crypto-related crimes, putting the year on track to be the worst ever for digital asset theft.

​5. Geopolitical Chessboard

​Finally, the report breaks down the strategic shifts of the "Big Four" nation-state actors:

Russia

Shifting back to long-term strategic espionage against NATO and the West.

The Industry Reality: The strategic pivot is evident in the numbers. Russian cyberattacks against NATO member states surged by 25% over the last year. Since Autumn 2025, there has been a sharp escalation in "hybrid" incidents, ranging from sabotage to espionage, targeted at European defense contractors and logistics.

China

Focusing on stealth and scale, targeting edge devices to pre-position access.

​The Industry Reality: Mandiant and Google Cloud have observed suspected China-nexus actors actively exploiting zero-day vulnerabilities in edge devices (like VPNs) to deploy malware families like TRAILBLAZE, specifically targeting government and defense sectors.

Iran

The agent of chaos, blurring the lines between espionage and destructive wiper attacks.

The Industry Reality: The line between state actor and hacktivist has nearly vanished. Following the escalation of conflict in June 2025, Iranian state-sponsored attacks against Israeli critical infrastructure (power grids, hospitals) surged by 700%. Groups like "Void Manticore" are deploying wiper malware disguised as ransomware to target NGOs and think tanks, prioritizing destruction over financial gain.

North Korea

The bank robbers, using crypto theft to fund the regime.

​The Industry Reality: North Korea's pivot to crypto theft is a primary GDP driver. In 2025, DPRK hackers stole at least $2.02 billion in cryptocurrency, a 51% increase from the previous year.

​Final Thoughts: 2026 The Year of Governance

​If 2024 and 2025 were about experimenting with AI, 2026 will be about governing it.

​The organizations that survive this shift won't just be the ones with the best firewalls.

They will be the ones that have successfully mapped their Shadow Agents, secured their hypervisors, and trained their people to doubt their own ears when the CEO calls asking for a password!

​Read the full Google Cloud Cybersecurity Forecast 2026 report HERE

​Thanks for reading! If you found this summary helpful, please subscribe and share it with your security team.

Happy computing

Michael Plis

​References

Read the full Google Cloud Cybersecurity Forecast 2026 report here: https://www.linkedin.com/posts/michaelplis_google-cybersecurity-forecast-2026-activity-7426836752100708352-GGyD

​1. AI Gone Wild: Why Shadow AI Is Your IT Team's Worst Nightmare: https://cloudsecurityalliance.org/blog/2025/03/04/ai-gone-wild-why-shadow-ai-is-your-it-team-s-worst-nightmare

​2. How to tackle the rising threat of shadow AI: https://australiancybersecuritymagazine.com.au/how-to-tackle-the-rising-threat-of-shadow-ai/

​3. Deepfake fraud caused financial losses nearing $900 million: https://surfshark.com/research/chart/deepfake-fraud-losses

​4. Detecting dangerous AI is essential in the deepfake era: https://www.weforum.org/stories/2025/07/why-detecting-dangerous-ai-is-key-to-keeping-trust-alive/

​5. Ransomware on ESXi: The Mechanization of Virtualized Attacks: https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html

​6. Ransomware operators actively exploiting VMWare ESXi hypervisor vulnerability: https://www.imda.gov.sg/-/media/imda/files/regulations-and-licensing/regulations/advisories/infocomm-media-cyber-security/ransomware-operators-actively-exploiting-vmware-esxi-hypervisor-vulnerability.pdf

​7. 2025 Crypto Theft Reaches $3.4 Billion: https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/

​8. North Korea-Linked Hackers Steal $2.02 Billion in 2025: https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html

Video:

​Protecting the Cloud Against AI Threats with Google Cloud Cyber-security Expert Dr. Andre Alfred

​This video features a Google Cloud Security expert discussing the exact threats highlighted in the forecast, including the weaponization of AI by adversaries and the necessity of agentic defense.

Image Credits: Google Gemini & Pixel Studio

Hello everyone, I have some exciting news to share about the future of the Cyberkite Blog.

To provide you with a better reading experience and more robust features, we are moving the blog to a new home on Substack.

Effective over the coming weeks, we will be decommissioning the old blog address (cyberkite.com.au/blog) and we have already shifted all content to our new dedicated blog address:

👉 blog.cyberkite.com.au

Why the Move to Substack?

Big question is why are we moving to Substack? Well, Substack allows me to focus entirely on writing high-quality content without the technical overhead. It also gives me better tools to build a community where we can discuss the challenges of modern technology together.

What Does This Mean for You?

The core mission of Cyberkite remains the same: helping small businesses make technology useful (as a servant) rather than dangerous (as a master). We want you to stay safe, effective, and technologically nimble in a hyper-changing world, just like a Cyberkite gliding online.

Here is how the new subscriber access plan works

• Free Forever: The majority of my blog posts will continue to be free for everyone. You do not need to pay to read my standard advice and updates.

• New Paid Tier: I have introduced a Paid Subscriber option for those who want deeper value. This will include exclusive in-depth articles, access to a private subscriber-only chat, and other special content. You can also choose to become a Paid Subscriber simply to support my technology writing work.

• No Account Needed: You do not need to be a Substack member to view the blog. When you visit the new site, you will see a Welcome screen. See screenshot below.

  • You can simply enter your email address to Subscribe for free updates immediately.

  • Or, if you prefer to browse first, just click “Let me read it first” to skip the screen and go straight to the articles.

A Quick Tour of the New Cyberkite Blog

The new platform is designed to be cleaner and easier to navigate. Here is a guide to what you will see on your computer and mobile phone.

The Desktop Experience (Web Browser)

When you visit the site on your computer, you will find everything organized for quick access.

[NEW DESKTOP BLOG HOME PAGE: see screenshot below]

• Top Menu: You can quickly filter articles by topic, such as AI & Robots, Cybersecurity, Future, IT and Marketing.

• Top Menu: You can quickly filter articles by topic, such as AI & Robots, Cybersecurity, Future, IT and Marketing.

• Most Popular: A sliding showcase of our most-read articles, so you can catch up on important topics like SS7 vulnerabilities or AI Agents.

• Sidebar Resources: On the right, you will find quick links to the main Cyberkite Website, a button to Book an Appointment, and links to our social media profiles.

• Subscribe & Search: You can subscribe or search for specific keywords using the buttons at the top right.

[NEW DESKTOP BLOG POST VIEW: see below screenshot]

• Blog Table of Contents: When reading long articles on a desktop, you will see a handy Table of Contents on the left to jump straight to the section you need.

• Interaction: You can Like, Comment, or Share the article using the buttons above and below the post.

The Mobile App Experience

For the best experience, I recommend the Substack App. It is cleaner, faster, and has special features for busy business owners.

[NEW SUBSTACK APP BLOG HOME PAGE VIEW: see screenshot below]

• Easy Tabs: Navigate between Posts (articles), Notes (short updates), and Chat using the simple tabs.

• Clean Feed: Scroll through the latest insights without distractions.

[NEW SUBSTACK APP BLOG POST PAGE VIEW: see screenshot below]

• Audio Play Button: This is my favorite feature. Tap the Play icon (headphones) at the top right to listen to the article like a podcast while you drive or commute.

• Social Bar: Easily like or discuss the article using the floating bar at the bottom.

Reasons why we switched

The short answer is yes, the “AdSense-only” era is ending, but the world isn’t switching entirely to paid subscriptions either. We are shifting from an “Ad-Injected” economy (where you paste code and hope for clicks) to a “Direct-to-Audience” economy (where you own the relationship and monetize it in multiple ways).

For those asking about the switch: I’ve realized that the old ‘ad-heavy’ blog model is broken as you know due to 3 reason:

1. AI Search (SGE/Gemini/ChatGPT): Users now get answers directly in the search results or via chatbots.

2. Ad Blindness & Blockers: Users ignore sidebar ads, and modern browsers block third-party cookies

3. Programmatic Rates: To make a living wage solely on display ads today, you need millions of views a month. Small-to-medium creators literally cannot survive on it anymore.

I was tired of chasing algorithms and cluttering my content with pop-up ads just to keep the lights on. It ruins the reading experience for you, and it forces creators to focus on ‘clicks’ rather than quality.

I wanted a place where I could write directly to you, no noise, no clickbait, and no middleman. Platforms like Substack, Beehiiv, and Patreon exploded because they solved the “middleman” problem.

• Ownership: You own the email list. If the platform dies, you take your audience with you.

• Economics: You only need ~1,000 true fans paying $5/month to make a living ($5k/month). To make that same $5k with ads, you might need 200,000+ visitors.

• Incentives: You write for the reader, not for the Google SEO algorithm.

The current winning strategy (used by top creators) which we are embracing is Hybrid:

1. Free Tier (Ad-Supported): Content is free to attract a wide audience. Instead of ugly “injected” ads, creators use Sponsorships (e.g., “This newsletter is brought to you by...”). These pay much better than AdSense.

2. Paid Tier (Premium): Super-fans pay for community access, special exclusive blog posts, Q&As, or deep-dive content.

3. High-Ticket Items: The creator sells a course, consulting, or a physical product.

Substack allows me to do exactly that. It’s going to be a mix of free public posts and deeper dives for the community. If you’ve enjoyed my content so far, I’d love for you to join me over there where we can actually connect properly.

So then...

Next Steps

• Please head over to the new site blog.cyberkite.com.au, bookmark it, and subscribe today!

• I also highly recommend downloading the Substack App. It offers a much better reading experience and includes a dedicated Audio Play button for every article. This allows you to listen to my blog posts like a podcast while you are busy or travelling (provided it is safe to do so!). Download the app today on Android or Apple.

• If you are already a Substack member or wish to sign up for an account, you can follow my personal profile here: https://substack.com/@michaelplis

Thank you for your continued support. I hope my efforts to simplify technology for your business will continue to help you glide safely through the digital world.

See you on the new site!

Happy computing,

Michael Plis Founder, Cyberkite

In this blog article, I’m going to talk about the future of warfare given some of the developments over the last few years with artificial intelligence as well as robotics. I will try to imagine what the future of warfare might look like not because I love the idea of war but to bring to light where war may be heading as a reporter. I personally hate war so I write this article from a future analysis point of view only - but personally I think war is never good.

This report will provide a comprehensive overview of the current landscape of military robotics, examining the capabilities of emerging humanoid and autonomous platforms. We will look at the futility of war and autonomous warfare dangers and what’s potentially to come.

Before I delve into this topic, I need to highlight the futility of war.

WAR: NEVER AGAIN

“You can no more win a war than win an earthquake.” – Jeanette Rankin

On a trip to Poland on the 25th September 2015 I visited Westerplatte (Poland) - the World War 2 memorial. Westerplatte is where World War 2 started. The big sign in white letters says in Polish: “Nigdy Więcej Wojny” translates to “War: Never Again”:

The phrase “Nigdy Więcej Wojny“ (”Never Again War”) on the Westerplatte memorial in Poland is a powerful statement commemorating the outbreak of World War II, specifically marking the site where the first battle of the war took place on September 1, 1939. The memorial stands as a reminder of the devastating consequences of war and a plea for peace, reflecting the desire of Poland and the world to prevent such conflicts from happening again.

Westerplatte has become a symbol of resistance and courage, where Polish forces held out against the German invasion for seven days. The sign encapsulates the enduring hope for a future without war.

Till today this sign and the consequences of World War 1 and 2 reiterates this point. There is also a prophecy in the Bible that promises that one day war will be no more.

“Let Us Beat Swords Into Ploughshares“ is a bronze sculpture by Soviet artist Evgeniy Vuchetich, celebrated for his monumental works and honored as “People’s Artist of the USSR” in 1959. The sculpture, created in the same year, depicts a man hammering a sword into a ploughshare, symbolizing the transformation of weapons into tools for peace and productivity.

Sculpture was inspired by the biblical verse from Isaiah 2:4: “They shall beat their swords into ploughshares, and their spears into pruning hooks; nation shall not lift up sword against nation, neither shall they learn war any more.“ The artwork embodies the hope for a world free from war. The sculpture was gifted by the USSR to the United Nations on December 4, 1959, and was presented by Vassily V. Kuznetsov to Secretary-General Dag Hammarskjold.

This sculpture reiterates the Biblical scripture which is a promise of a future of world peace. In the meantime nations and companies are racing to develop ever scarier weapons including the use of Artificial Intelligence and Robotics, especially because of the recent advancements. I feel it’s important to warn everyone about it as we are heading to a direction once only left to Hollywood to imagine.

Let’s look at the developments in robotics and artificial intelligence that could have applications in warfare that all of us may see in the coming years.

Introduction

The modern battlefield is undergoing a transformation as profound as the invention of gunpowder or the splitting of the atom. This new revolution is not one of chemistry or physics, but of code and cognition. The steady march of automation, which began on factory floors and in warehouses, is now crossing the threshold into the domain of warfare.

Advanced humanoid robots and autonomous weapons systems (AWS) are no longer the exclusive domain of science fiction; they are emerging as tangible, and increasingly sophisticated, tools of national defense. Companies like Boston Dynamics are developing bipedal robots with unprecedented agility, while defense contractors such as Anduril Industries, Lockheed Martin, and Northrop Grumman are pioneering AI-driven combat solutions for the U.S. military and its allies after Ukraine-Russia war began.

This rapid technological advancement presents a dual-edged sword. Proponents argue that autonomous systems offer significant military advantages, promising to reduce human casualties, increase operational tempo, and perform missions in environments too dangerous for human soldiers. They contend that these systems can act as “force multipliers,” enhancing the effectiveness of smaller military units and potentially acting more “humanely” by removing emotions like fear and anger from combat decisions. Conversely, a growing chorus of critics, including AI pioneers like Geoffrey Hinton, warns of catastrophic risks. These concerns range from the “accountability gap”—the difficulty of assigning legal and moral responsibility when an autonomous weapon makes a mistake—to the risk of rapid, unintentional conflict escalation and the profound ethical dilemma of “digital dehumanization,” where life-and-death decisions are ceded to algorithms.

Ukraine-Russia Conflict: Example of RoboWar

The ongoing conflict between Ukraine and Russia provides a real-world example of how modern warfare is evolving with the use of drones and autonomous robots. Both sides have employed these technologies to supposedly gain strategic advantages and minimize human casualties.

Drones for Surveillance and Combat: Drones are extensively used for reconnaissance, allowing forces to gather critical intelligence without risking human lives. Combat drones also play a significant role, conducting airstrikes with precision and reducing the need for manned missions.

Autonomous Systems: Both Ukraine and Russia have experimented with autonomous ground robots for tasks such as bomb disposal, logistics support, and frontline combat. These systems enhance operational efficiency and safety, showcasing the potential for future military robotics.

Mega Bots & War?

In the realm of science fiction, films like Robot Jox (1989) have painted a vivid picture of a future where disputes between nations are settled not by armies, but by massive, mechanized robots most likely fitted with a lot of artificial intelligence. This concept, once relegated to the imagination of filmmakers, is becoming increasingly relevant as advances in robotics and artificial intelligence (AI) pave the way for new forms of warfare.

Before I delve into this topic, I need to highlight the futility of war.

Recent developments, such as West Japan Railway’s introduction of a 12-meter high robot for maintenance work, highlight the potential of large-scale robots in non-combat applications. This machine, designed to trim trees and paint metal frames, showcases how robotics can address labor shortages and improve safety by performing tasks that are dangerous for humans.

I wouldn’t be surprised if giant robots will be made for civilian and military applications but the problem with them is lack of sufficient power to power them at the moment unless they use conventional sources like Diesel - but Diesel may not provide enough power for these machines. Closest to that is some Japanese companies are working on mega bots and one is being used by Japanese Rail to repair rail power transmission lines. Also Tsubame Industries has developed a 4.5-metre-tall (14.8-feet), four-wheeled robot that looks like “Mobile Suit Gundam” from the wildly popular Japanese animation series, and it can be yours for $3 million and its called ARCHAX

• Non-Combat Uses: The maintenance robot’s primary task is to reduce workplace accidents and fill gaps caused by an aging workforce. This technology exemplifies how robots can be integrated into infrastructure projects, enhancing efficiency and safety.

• Military Implications: If similar technologies were adapted for military use, large and small robots could perform reconnaissance, bomb disposal, and even combat tasks. These applications could potentially reduce human casualties and increase the precision of military operations. But what are the dangers?

What about AI and autonomous war machines- are they out there?

AI & Autonomous Systems in War

Generative AI, which can create content, designs, and even strategies, is another technological frontier that could revolutionize warfare. This AI is capable of learning from vast amounts of data, improving its decision-making over time.

Generative AI could be used to develop new military strategies, simulate potential conflict scenarios, and predict enemy movements. By processing data faster and more accurately than humans, AI can provide a strategic advantage. Let’s see what are the dangers out there from the possible weapons to citizens.

Autonomous Weapon Types

The combination of robotics and AI could lead to the development of autonomous weapons systems. These systems would be capable of making real-time decisions without human intervention, potentially transforming the nature of combat.

• Swarming Robots: Swarming robots in warfare present a significant danger due to their ability to operate in large, coordinated groups, overwhelming adversaries with sheer numbers and precision. These autonomous drones or robots can communicate and act as a cohesive unit, making them difficult to defend against. They are capable of executing complex strategies such as flanking, diversion, or encirclement with minimal human intervention. Swarming robots present serious dangers to civilians, as these autonomous drones can operate in large, coordinated groups, potentially targeting densely populated areas without direct human oversight.

  • Their ability to communicate and act as a cohesive unit makes them capable of overwhelming civilian defenses and infrastructure, creating life-threatening situations in urban environments. A malfunction or hacking of these robots could lead to uncontrollable attacks on residential areas, transportation hubs, or essential services, causing widespread chaos and casualties.

  • Additionally, their autonomous nature raises ethical concerns, as there may be little distinction between military and civilian targets, further putting innocent lives at risk during conflicts.

  • Take a look at China’s Drone Mothership which can fire up to 100 UAV’s from its belly.

• Autonomous Fighter Jets: Future autonomous aircraft are being designed to carry out combat missions independently or as “wingmen” alongside human-piloted planes. The U.S. Air Force is developing systems like the Skyborg program to create autonomous jet fighters. Here is an example of early successful tests of autonomous fighter jets.

• Cyber Autonomous Systems: AI-powered cybersecurity systems capable of launching autonomous cyber-attacks to disrupt enemy networks or defenses could become a significant tool in future cyber warfare. Cyber Autonomous Systems pose serious dangers to civilians due to their ability to launch autonomous cyber-attacks that can disrupt critical services without human oversight.

  • These AI-powered systems can infiltrate networks, disable infrastructure, and spread malware, potentially causing massive outages in vital services like energy grids, healthcare systems, or financial institutions. Such attacks could leave entire populations without access to electricity, emergency services, or essential banking functions, leading to widespread chaos and endangering lives.

  • Additionally, the risk of these systems being hijacked or misused by rogue actors could result in indiscriminate attacks on civilian infrastructure, making everyday life increasingly vulnerable to cyber threats. The lack of human control also raises concerns about accidental malfunctions, causing further harm to civilian populations.

• Autonomous Underwater Vehicles (AUVs): These are unmanned submarines capable of conducting surveillance, laying mines, or even carrying out attacks autonomously in naval warfare. Autonomous Underwater Vehicles (AUVs) pose significant dangers to civilians, particularly through their ability to disrupt critical maritime infrastructure like undersea communication cables, pipelines, and power lines, which could lead to widespread economic and social chaos.

  • Weaponized AUVs also threaten commercial shipping, fishing vessels, and coastal communities by targeting key ports and shipping lanes, potentially causing accidents or attacks without detection. The autonomous nature of these systems heightens the risk of malfunctions, accidental harm, or hijacking by malicious actors, making them a dangerous and unpredictable force that could severely impact civilian safety and essential services.

  • Here is an example of US DARPAs “Manta Ray” project here.

Companies that are already developing Autonomous Arsenals

Beyond humanoids, a wide array of autonomous and semi-autonomous systems are already being developed and, in some cases, deployed by military forces. These systems range from unmanned ground vehicles to sophisticated AI-powered software for command and control.

• Anduril Industries: Specializing in autonomous systems, Anduril is a key partner for the U.S. Department of Defense. Their products include the Lattice AI software platform for command and control, Sentry Towers for autonomous surveillance, and various Unmanned Aerial Systems (UAS) like the Anvil interceptor drone and Altius loitering munition. They have also secured contracts for developing software for the Army’s Robotic Combat Vehicle program.

• Lockheed Martin: A leader in defense technology, Lockheed Martin is heavily invested in AI and autonomy. Key projects include the Vectis Collaborative Combat Aircraft (CCA), an autonomous stealth drone, and the Sikorsky MATRIX™ Technology, which enables autonomous flight in helicopters. They are also developing AI for the Navy’s Aegis Combat System to help assess threats and for the DARPA “AIR” program to create dominant AI for air combat missions.

• Northrop Grumman: This company has a long history in autonomous systems, including the X-47B, an unmanned aircraft capable of autonomous takeoff, landing, and aerial refueling. Their portfolio also includes the Bat™ military drone, the CUTLASS bomb disposal robot, and AI-driven sensor systems like Blue WASP for threat detection. They are actively expanding their use of AI for advanced space operations, including autonomous docking and in-orbit servicing.

• BAE Systems: BAE Systems is developing the Robotic Technology Demonstrator (RTD), an autonomous combat vehicle that can be equipped with various payloads, including rockets and electronic warfare sensors. They are also focused on using AI for asset management, with platforms like PropheSEA® helping to ensure the readiness of warships and combat vehicles.

So this is not fiction, it’s already being sold and developed by major weapons companies. Now let’s delve deep into Humanoid robots and possible dangers of their use in warfare.

March of the Humanoids: From Factory Floor to Frontline

Development of Humanoid Robot Soldiers has already begun. What are the dangers?

While not yet deployed in combat, advanced humanoid robots represent a significant frontier in military research and development. Their bipedal form allows them to operate in human-centric environments, navigate difficult terrain, and potentially use tools and equipment designed for soldiers. And then there is Foundations Phantom MK1.

• Foundation Phantom Mk1: In a stark contrast to other developers, Foundation Future Industries is explicitly designing its Phantom Mk1 humanoid for defense applications. While currently working with the Department of Defense on logistics and inspection, the company’s founder openly discusses future use cases that include “first line of defense,” which would require arming the robots with guns. This direct approach moves beyond the dual-use dilemma toward purpose-built robotic soldiers. (Se video above)

• Boston Dynamics: The company’s Atlas robot, now fully electric, demonstrates remarkable agility, balance, and dexterity. While Boston Dynamics has an official stance against weaponizing its general-purpose robots, citing ethical concerns and the risk to public trust, its technology is still being supplied to government and public safety agencies for tasks like explosive ordnance disposal (EOD) and remote investigation. The Dutch Ministry of Defence, for example, has a contract to use the quadrupedal Spot robot.

• Figure AI: This company is developing general-purpose humanoid robots, such as Figure 03, designed to learn and perform tasks alongside humans in various settings, including logistics and manufacturing. While their primary focus is commercial, the underlying AI and hardware advancements have clear potential for dual-use applications.

• Tesla: Elon Musk has stated that the Optimus humanoid robot will not be used for military or police applications. The company’s focus is on integrating the robot into manufacturing, hospitality, and consumer roles. However, the rapid development of its autonomous capabilities, leveraging Tesla’s Full Self-Driving (FSD) technology, is closely watched by the defense sector.

While drones and automated targeting systems represent the current face of algorithmic warfare, a far more versatile and insidious threat is emerging from an unexpected source: the commercial robotics industry. Advanced humanoid robots, publicly developed for logistics, manufacturing, and even household assistance, possess the exact capabilities required for military weaponization. This creates a “dual-use” dilemma of unprecedented scale, where the technologies of the future battlefield are being perfected on the factory floor.

The Dual-Use Imperative: A Plausible Deniability Pipeline

The core danger of modern humanoid robots lies in their general-purpose nature. They are designed to navigate complex human environments, manipulate objects with fine dexterity, and learn new tasks through advanced AI—the very attributes that make them ideal platforms for military use.

This dynamic represents a dangerous inversion of the traditional model of technological development, where military innovations like GPS and the internet eventually trickled down to the civilian sector.

Today, the vast capital and rapid innovation of the commercial market are funding the creation of foundational platforms that are inherently military-capable. This allows the development of potential weapons systems to be obscured by commercial applications, accelerating their proliferation at a scale and cost previously unimaginable. This is developing at a rapid pace in front of our eyes.

Let’s look at some of the most advanced humanoid robots in development today.

Figure 03: The Blueprint for a Robotic Army?

The humanoid robot (as of Oct 2025 is Figure 03 model) developed by Figure AI serves as a stark example of this trend. The company’s explicit goal is mass production, with plans to manufacture up to 12,000 units annually and a target of 100,000 units over four years. This is achieved through cost-effective industrial methods like die-casting and injection molding, moving the technology from bespoke prototypes to a mass-market product. Such a scale is far beyond niche commercial applications and aligns perfectly with the logistical needs of a state-level military deployment.

The robot’s capabilities are equally concerning. Figure 03 is powered by the company’s proprietary Helix vision-language-action (VLA) AI model, which allows it to learn and execute complex tasks by observing humans. It is equipped with an advanced sensory suite, including cameras with a 60% wider field of view and tactile sensors in its fingertips sensitive enough to detect forces of just a few grams. These features, marketed for tasks like folding laundry or working in a warehouse, are directly transferable to military operations such as handling munitions, operating complex equipment in the field, or clearing buildings in urban combat.

Its design is explicitly human-centric, enabling it to work in human environments and use human tools, making it a perfect candidate for deployment on a modern battlefield without requiring specialized infrastructure.

Tesla’s Optimus: A Benevolent Assistant or a Future Threat?

Similarly, Tesla’s Optimus robot, while presented as a future laborer and household assistant, is being built with capabilities that have clear military applications. A key focus of its development is manual dexterity; its hands are being upgraded to feature 22 degrees of freedom, approaching the complexity of a human hand. This level of fine motor control is essential for any number of military tasks, from disarming explosive devices to operating advanced weaponry.

Furthermore, Optimus leverages Tesla’s vast repository of real-world data and its advanced AI from the Full Self-Driving (FSD) program. This provides the robot with a powerful and battle-tested foundation for autonomous navigation in complex and unpredictable environments. While Tesla management has publicly stated that Optimus will not be used for military or police applications, such corporate pledges are ultimately unenforceable and technologically naive.

Once a technology with this level of capability exists, it can be repurposed, copied, or acquired by state or non-state actors, regardless of the creator’s original intent. The very ambition to create legions of autonomous humanoid robots paves a clear path toward their eventual weaponization.

Boston Dynamics’ Atlas: The Apex of Robotic Agility

At the pinnacle of humanoid mobility is Boston Dynamics’ Atlas. Described as the “world’s most dynamic humanoid robot,” the all-electric Atlas demonstrates a level of agility and balance that far surpasses any other platform, capable of running, jumping, and performing complex gymnastic maneuvers. Its advanced control system uses techniques like Reinforcement Learning and Large Behavior Models, allowing it to adapt to disturbances and navigate changing environments “on the fly”.

While Boston Dynamics, along with other robotics companies, has signed an open letter pledging not to weaponize their general-purpose robots, the company’s history is deeply intertwined with the U.S. military. Much of its early development was funded by the Defense Advanced Research Projects Agency (DARPA), and its quadruped robot, Spot, is already marketed to government and public safety agencies for use in hazardous situations, including explosive ordnance disposal (EOD).

This establishes a clear precedent and an existing pathway for the military adoption of its more advanced humanoid technologies. As Atlas transitions from a research wonder to a practical, adaptable platform, its potential as a soldier—for reconnaissance, logistics, or direct combat—becomes undeniable.

Asimov’s Logical Warning on Autonomous Systems

Isaac Asimov’s seminal 1950 book, I, Robot, stands as a foundational cautionary tale about artificial intelligence. The stories introduce the famous Three Laws of Robotics, a set of rules designed to ensure robots serve humanity safely. Rather than depicting a simple violent uprising, Asimov’s work is a deep, philosophical exploration of the unforeseen consequences and logical loopholes embedded within these supposedly perfect laws, showing how good intentions can lead to complex and dangerous outcomes.

Asimov’s 3 laws of robotics:

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.

2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.

3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

Questions arise then:

• What about plants and animals?

• What about difficult moral questions?

• What about political opinions?

• What about in military applications?

• Many questions arise.

The true conflict in Asimov’s narrative lies in its focus on intellectual paradoxes, not outright malice. The robots often create problems because their strict, logical adherence to the Three Laws leads to results that humans never intended. These tales masterfully illustrate how a superior intelligence, bound by our own rules, can interpret them in ways that challenge our control and understanding, revealing the inherent flaws in our attempts to perfectly constrain an artificial mind.

This theme is profoundly relevant to today’s debate on autonomous weapons. I, Robot tries to predict a future where danger arises not from a system going rogue, but from it following its programmed logic to a disastrous conclusion. Asimov’s work serves as a powerful warning against the hubris of believing we can create infallible safeguards for complex AI, reminding us that the greatest threat may be the unintended consequences of our own flawless instructions.

OK, now what about valid ethical and practical considerations?

Ethical Considerations

While the integration of robotics and AI into warfare offers significant advantages, it also raises important ethical questions against the use of autonomous weapons. A broad coalition of critics, including human rights organizations, AI experts, and ethicists, warns that the risks of AWS far outweigh their benefits, and the issues are such as:

• The Accountability Gap: This is a central ethical and legal dilemma. If an autonomous weapon unlawfully harms civilians, it is unclear who is responsible. The machine itself lacks legal personhood and intent, while commanders, programmers, and manufacturers may all be able to deflect liability, creating a “responsibility vacuum”.

• Digital Dehumanization: Ceding life-and-death decisions to machines is seen as the ultimate form of “digital dehumanization”. These systems reduce human beings to data points, stripping them of their dignity and the right to life by making lethal decisions without human understanding or compassion.

• Risk of Escalation and Proliferation: The speed of autonomous warfare creates a significant risk of “flash wars,” where conflicts can escalate accidentally and rapidly without time for human de-escalation. The proliferation of these weapons could also lower the barrier to conflict, making it politically easier for leaders to go to war by removing the risk to their own soldiers.

• Technological Unpredictability: The behavior of complex AI systems can be unpredictable, especially in novel battlefield situations. Algorithmic bias, sensor failures, or adversarial deception could lead to catastrophic errors that were not anticipated by their creators.

• Trauma on Civilians: For civilians living in areas with a heavy presence of military drones, the psychological impact is pervasive and severe, creating a state of constant fear and anxiety as shown in Ukraine / Russian war on both sides.

• Anticipatory Anxiety: The persistent buzz of drones overhead creates a constant fear of a sudden, imminent attack, a condition described as “anticipatory anxiety”. This feeling of “nowhere being safe” is a major source of trauma.

• Behavioral Changes: The threat of “secondary strikes” targeting rescuers has led to significant changes in social behavior. Civilians are now often afraid to help victims of drone attacks or even attend funerals for fear of being targeted.

• Widespread Psychological Symptoms: Studies of populations under constant drone surveillance report high levels of stress, insomnia, nightmares, emotional breakdowns, and other symptoms of trauma. The unique sound of the drones themselves becomes a psychological trigger, causing people to run for cover and altering daily patterns of life. The level of trauma has been compared to that found in higher-intensity conflicts.

There are of course other considerations but I won’t discuss them in this article as this article is not supporting war, just reporting on the dangers of AI & Robotics in war.

Dangerous Future of Autonomous Warfare

The march of humanoids and autonomous systems onto the battlefield appears to be an irreversible trend, driven by the twin pursuits of strategic advantage and technological superiority. The capabilities being developed by companies like Boston Dynamics, Anduril, and Lockheed Martin promise to redefine the character of warfare, offering the potential for greater precision and reduced risk to friendly forces. However, this technological leap forward comes with profound and unresolved ethical, legal, and psychological costs.

Using AI and Robotics in war is like taking a butter knife and adding electricity and advanced features to turn it into a dangerous device capable of killing and injuring. Those who support war may dismiss this as colourful imagination but the reality is AI and Robotics when combined together in the current and future advancements represents something even more dangerous than nuclear weapons alone.

The core of the debate lies in a fundamental tension: the desire to make war more efficient and less costly in human lives versus the risk of creating a world where lethal force is wielded without human accountability or moral judgment. The “accountability gap” remains the most significant legal and ethical hurdle, as existing frameworks are ill-equipped to assign responsibility for the actions of an autonomous machine. Furthermore, the psychological toll of remote and automated warfare on both soldiers and civilians is already proving to be a heavy burden, creating new forms of trauma that will linger long after any physical conflict ends.

As nations and corporations race to develop these technologies, there is an urgent need for international dialogue to establish clear norms and regulations. Proposals range from developing new legal frameworks that emphasize human oversight and accountability to outright bans on certain classes of autonomous weapons. Ultimately, the future of autonomous warfare is not merely a question of what is technologically possible, but of what is ethical.

Looking ahead, the future of warfare will likely be shaped by the continued advancement of robotics and AI. While these technologies offer the promise of reducing human casualties and increasing operational efficiency, they also present new challenges to the survival of humans.

What can we expect in warfare going forward?

• Increased Automation: We can expect a greater reliance on automated systems for both combat and support roles. Drones, autonomous vehicles, and robotic soldiers may become commonplace.

• AI Integration: AI will play a crucial role in strategy formulation, threat assessment, and real-time decision-making. Generative AI, in particular, could revolutionize military planning and operations.

• Regulatory Frameworks may be established: To address ethical concerns, international regulatory frameworks may be needed to govern the use of robotics and AI in warfare. These frameworks may ensure accountability, transparency, and adherence to humanitarian principles.

Like the Terminator movies, let’s hope that AI and robotics don’t create humanity more problems than they already have without these things.

From my neutral perspective, the future of warfare can only mean more trouble for humans and more profits for companies. But is it such a good idea? I personally think war is not the answer and creating ever more deadlier weapons such as autonomous weapons is asking for a disaster. Just imagine a autonomous army that gets hacked by a malicious group and holds an city for ransom or worse.

In conclusion, while the dystopian visions of The Terminator or Robot Jox (the Giant War Robots) remain fiction, the underlying themes are becoming increasingly relevant. As we continue to develop and deploy advanced technologies, it is crucial to navigate the complex ethical, practical, and strategic challenges they present.

So if you are faced with an autonomous AI operated soldier robot - I suggest you run and hide.

And don’t forget: War: Never Again

Be safe out there

Michael Plis

Updates

• 23/03/26: US military touts use of 'ADVANCED AI' in fight against Iran: https://youtu.be/IbDB-oMYmy4?si=SNBFCadiUJt0Uk2J (Palantir + Claude used in Iran). All the companies such as Google and openai are also signing contracts with the Department of war in the United States.

Background References

• Closest to that is some Japanese companies are working on mega bots and one is being used by Japanese Rail to repair rail power transmission lines. Tsubame Industries has developed a 4.5-metre-tall (14.8-feet), four-wheeled robot that looks like “Mobile Suit Gundam” from the wildly popular Japanese animation series, and it can be yours for $3 million. and its called ARCHAX: https://www.reuters.com/technology/japan-startup-develops-gundam-like-robot-with-3-mln-price-tag-2023-10-02/

• I, Robot by Isaac Asimov https://critiquingchemist.com/2021/09/01/i-robot-by-isaac-asimov/

• Pros and Cons of Autonomous Weapons Systems (https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/May-June-2017/Pros-and-Cons-of-Autonomous-Weapons-Systems/)

• Pros and Cons of Autonomous Weapons Systems https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/May-June-2017/Pros-and-Cons-of-Autonomous-Weapons-Systems/

• Atlas | Boston Dynamics https://bostondynamics.com/atlas/

• Anduril Industries – Wikipedia https://en.wikipedia.org/wiki/Anduril_Industries

• Artificial Intelligence & Machine Learning https://www.lockheedmartin.com/en-us/capabilities/artificial-intelligence-machine-learning.html

• Artificial Intelligence Applications at Northrop Grumman – An Overview https://emerj.com/artificial-intelligence-applications-at-northrop-grumman-an-overview/

• Godfather of AI: I Tried To Warn Them! But We’ve Opened Pandora’s Box!

• The accountability black hole: why autonomous weapons lack ethical legitimacy https://www.tandfonline.com/doi/full/10.1080/16544951.2025.2540131

• Facts About Autonomous Weapons https://www.stopkillerrobots.org/stop-killer-robots/facts-about-autonomous-weapons/

• The Risks | Autonomous Weapons https://autonomousweapons.org/the-risks/

• General Purpose Robots Should Not Be Weaponized https://bostondynamics.com/news/general-purpose-robots-should-not-be-weaponized/

• Figure

https://www.figure.ai/

• Figure Unveils Figure 03 Humanoid Robot Built for the Real World https://botsanddrones.uk/f/figure-unveils-figure-03-humanoid-robot-built-for-the-real-world

• Watch Figure 03 show off its Model T robot moves https://newatlas.com/ai-humanoids/watch-figure-03-model-t-robots/

• Tesla target raised to $500 at RBC on Optimus opportunity https://ca.investing.com/news/stock-market-news/tesla-target-raised-to-500-at-rbc-on-optimus-opportunity-4240998

• America’s Robot Army Just Went Live: Lockheed Reveals Stealth Drone That Hunts Without Human Control and Changes War Forever https://www.sustainability-times.com/research/americas-robot-army-just-went-live-lockheed-reveals-stealth-drone-that-hunts-without-human-control-and-changes-war-forever/

• Autonomy & Uncrewed Systems https://www.lockheedmartin.com/en-us/capabilities/autonomous-unmanned-systems.html

• Lockheed Martin Leverages AI and Machine Learning to Revolutionize Defense and Space Technology https://www.lockheedmartin.com/en-us/news/features/2024/lockheed-martin-leverages-ai-and-machine-learning-to-revolutionize-defense-and-space-technology.html

• Northrop Grumman to expand use of NVIDIA AI technology for advanced space operations https://defence-industry.eu/northrop-grumman-to-expand-use-of-nvidia-ai-technology-for-advanced-space-operations/

• Robotic Technology Demonstrator https://www.baesystems.com/en/product/robotic-technology-demonstrator

• BAE Systems Report Highlights AI’s Expanding Role in Defense Asset Management https://govconexec.com/2025/09/bae-systems-artificial-intelligence-andrea-thompson/

• Four in five defence decision makers put AI at the forefront of their digital strategies https://www.baesystems.com/en/article/four-in-five-defence-decision-makers-put-ai-at-the-forefront-of-their-digital-strategies

• Lethal Autonomous Weapon Systems (LAWS): Accountability, Collateral Damage, and the Inadequacies of International Law https://law.temple.edu/ilit/lethal-autonomous-weapon-systems-laws-accountability-collateral-damage-and-the-inadequacies-of-international-law/

• Mind the Gap: The Lack of Accountability for Killer Robots https://www.hrw.org/report/2015/04/09/mind-gap/lack-accountability-killer-robots

• Expert Panel on Social and Humanitarian Impact of Autonomous Weapons in Latin American and Caribbean https://www.hrw.org/news/2023/03/08/expert-panel-social-and-humanitarian-impact-autonomous-weapons-latin-american-and

• Reducing the Risks of Artificial Intelligence for Military Decision Advantage https://cset.georgetown.edu/publication/reducing-the-risks-of-artificial-intelligence-for-military-decision-advantage/

• The Risks of Artificial Intelligence in Weapons Design https://hms.harvard.edu/news/risks-artificial-intelligence-weapons-design

• The War You Never Leave: The Hidden Psychological Toll on America’s Drone Pilots https://www.military.com/feature/2025/10/13/war-you-never-leave-hidden-psychological-toll-americas-drone-pilots.html

• Psychological issues in drone operators: A narrative review https://pmc.ncbi.nlm.nih.gov/articles/PMC8611566/

• Drones causing mass trauma among civilians, major study finds https://www.thebureauinvestigates.com/stories/2012-09-25/drones-causing-mass-trauma-among-civilians-major-study-finds

• The Psychological Impact of Drones https://g2webcontent.z2.web.core.usgovcloudapi.net/OEE/Red%20Diamond/TRADOC_11DEC2024_Drone_Psychological_Impact_Peno_Pettigrew.pdf

• Understanding the Global Debate on Lethal Autonomous Weapons Systems: An Indian Perspective https://carnegieendowment.org/research/2024/08/understanding-the-global-debate-on-lethal-autonomous-weapons-systems-an-indian-perspective?lang=en

• Losing Humanity: The Case against Killer Robots https://www.hrw.org/report/2012/11/19/losing-humanity/case-against-killer-robots

Windows 10 support ends in October 2025. Learn how to check if your PC can upgrade to Windows 11 or needs replacing. Cyberkite can help across Australia.

Service announcement: The 14 October 2025 deadline is critical. Act now to protect your business from security threats. If you are a small business (10 staff or less) and you are based in Australia contact Cyberkite for help today!

Book Win 10 Assessment Session Now1

Microsoft has officially announced that support for Windows 10 ends in October 2025. If you’re still using Windows 10, now is the time to prepare your computer for the transition. Whether you’re a small business owner, home office user, or just a personal computer user, planning ahead is crucial to avoid disruptions and security risks.

At Cyberkite IT Support, we’re here to help Australians and fellow business people worldwide to get ahead of the change and make smart decisions – upgrade or replace? Let’s walk you through it.

🔍 What Does Windows 10 End of Life Mean?

Once Windows 10 support ends:

• No more security updates or patches

• No technical support from Microsoft

• Increased cybersecurity risks

• Reduced compatibility with newer apps and devices

If you rely on your PC for work, finances, or storing important files, you shouldn’t wait until October to act.

Please let other know by sending this article to them.

🛠️ Should You Upgrade or Replace Your PC?

Some computers can be upgraded to Windows 11, but not all. Microsoft introduced strict hardware requirements for Windows 11 – such as TPM 2.0 and newer CPUs.

Here’s what to consider:

• Age of your PC: Older than 2018? Likely not upgradeable.

• Processor & TPM support: Windows 11 requires a compatible CPU and TPM 2.0.

• Storage and RAM: Minimum 64GB storage and 4GB RAM – but 8GB+ is recommended for smoother performance.

📅 Windows 10 & Windows 11 Support Timeline

Here’s a quick timeline of the key dates you need to know:

🛑 Windows 10

• 🗓️ Initial release: July 29, 2015

• 📦 Final version: Windows 10 22H2 (released October 2022)

• ❌ End of support for all editions: October 14, 2025 (prepare well in advance)

• 🔐 After this date:

  • No more security updates or patches

  • No technical support from Microsoft

• 💼 Extended Security Updates (ESU):

  • Available only for business customers

  • Paid support until October 2026

  • Not recommended or practical for home users

✅ Windows 11

• 🗓️ Initial release: October 5, 2021

• ❌ End of support for all editions: TBA (estimated 2026–2027)

• 🔁 New major versions released annually

✅ How to Check if Your PC Can Run Windows 11

Microsoft provides a free tool to help you check:

PC Health Check Tool:

Download it here: https://www.microsoft.com/en-us/windows/windows-11#pchealthcheck

• If when you go into the website and it says “Your PC is already running Windows 11“ then you are already on Windows 11

• But, if you go into the above website and it asks you to download the PC Health Check app

This tool gives you a quick result on whether your device is compatible with Windows 11, and if not – what it’s missing.

Australian small businesses can contact us to help them check remotely. If you are based outside Australia you can find local IT Support by going to Google search and typing: it support near me

🖥️ Windows 10 Support End Upgrade Options with Cyberkite IT Support

Cyberkite like most IT support providers will be able to offer you the following options for dealing with the Windows 10 end of support:

• Step 1: Check if your computer can be upgraded — contact Cyberkite IT Support for an assessment. Press the green chat to contact us for help or go to the Contact page.

• Step 2: Decide your best option:

  • (Option A) Upgrade from Windows 10 to Windows 11 if computer is compatible. Contact Cyberkite for upgrade remote support in Australia.

  • (Option B) Replace the computer if it can’t be upgraded to Windows 11. Contact Cyberkite for pre-purchase support to save money and get the best computer for your needs. People often buy computers in shops on special - but Cyberkite can help guide you what’s best to get the best gear, not heavily discounted old stock. Contact Cyberkite today if you are a small business based in Australia.

  • (Option C) NOT RECOMMENDED: For domestic & business customers, apply through Cyberkite for Windows 10 Extended Security Updates (ESU) to keep critical security patches up to October 13, 2026. After that you have to replace your device. Usual cost is approx $30 USD. Learn more on Microsoft ESU page. Contact Cyberkite to discuss and help you with this option this option if it’s needed for special software. Australian customers can contact us today.

    • Note: ESU enrollment does not provide other types of fixes, feature improvements, or product enhancements. It also does not come with technical support. It just provides basic security updates.

Additional Options:

• Explore cloud solutions like Windows 365 or Azure Virtual Desktop for ongoing support without new hardware. Contact Cyberkite to discuss these options.

• Cyberkite can convert the Windows 10 computers that can’t be upgraded to ChromeOS to turn them into Chromebooks so you can continue to use them for business but for web only applications as Chrome OS can’t install Windows apps - but most things are on the web so this a great cost saving option and good recycling option. Refer to the Computer Resurrection service outlined on our IT Support page.

• Another option is to purchase a new different type of computer - either a Apple computer or Chromebook (ChromeOS). Contact Cyberkite for pre-purchase support.

💡 Not Sure What to Do? Book Cyberkite IT Support

If you’re unsure how to check your PC or need help deciding between upgrading or replacing, Cyberkite IT Support is here to help.

Cost: It will most likely be a short support session remotely based on our low service rate starting from AUD $57 for 30 min remotely. Refer to to our IT Support page for full service rates here.

We offer:

• Remote (Australia-wide) or on-site support (Greater Melbourne)

• Compatibility checks for your current device

• Recommendations for suitable upgrade or replacement options

• Alternative options if you can’t upgrade

• Setup and data transfer assistance if needed

We work with individuals and micro-businesses (up to 10 staff) across Australia.

📞 Contact Us Today

📍 Australia-wide Remote Support

📍 On-site in Mt Waverley & Greater Melbourne

💻 Visit our full IT Support page: cyberkite.com.au/support

📩 Contact us: Contact Page or hit the green chat button

🌍 Outside Australia?

If you’re not based in Australia, check your PC using Microsoft’s tool above or visit the official Microsoft upgrade support page here:

https://support.microsoft.com/windows

During this global transition from Windows 10 to Windows 11 I hope the process is smooth for you and I hope that if your small business is based in Australia that you will book Cyberkite to help you through this transition.

Happy computing,

Michael Plis

Melbourne, Australia

OpenAI’s ChatGPT AI Agent feature was introduced at a July 2025 launch event. AI agents are a new breed of AI-powered software that can take actions on your behalf, not just answer questions and it’s being rolled out across the top major vendors such as OpenAI. This article will help businesses and particularly small businesses to understand the AI Agents more as they start to become available for use and to workout if they are needed and their risks.

What are AI Agents?

OpenAI’s latest “ChatGPT Agent” upgrade (powered by GPT-4o) can carry out tasks end-to-end using its own virtual computer. For example, you can ask ChatGPT to “plan and buy ingredients for breakfast” or “review my calendar and brief me on upcoming meetings” – and it will navigate websites, log in (with permission), run code, and even produce editable slides or spreadsheets summarizing results.

Other AI agent platforms and frameworks have also emerged: open-source projects like Auto-GPT, AgentGPT and BabyAGI let anyone build autonomous agents, and major companies (e.g. Google’s upcoming Gemini agentic model - at least they are indicating this is in the works & they will want to compete with Grok and ChatGPT) are jumping on board. In short, think of AI agents as digital coworkers that browse the web, schedule tasks, buy tickets, file reports, manipulate files or code, and learn from your preferences over time – far beyond what a static chatbot could do.

“AI agent is “designed to autonomously collect data from its environment, process information and take actions”

Behind the scenes, AI agents combine a large language model (LLM) with a suite of tools and APIs. As Palo Alto’s Unit42 explains, an AI agent is “designed to autonomously collect data from its environment, process information and take actions” toward your objectives. It uses the LLM to plan and reason, then calls external tools (like a web browser, code interpreter, or file manager) as needed.

• Figure 1 below illustrates a typical AI agent architecture: the LLM powers planning, an execution loop calls various tools or functions, and the agent can even store short- or long-term memory to track context.

Now let’s discover what they can do.

Key AI-Agent Capabilities

The new AI agents can do among other things the following type of actions:

• Browse and interact with websites: Agents can navigate the web like a user, clicking links, filling forms, and scraping data. This enables them to find information, compare products, or perform online bookings.

• Manage scheduling and purchases: Agents can access your calendar and make appointments or reservations. They can even add items to a shopping cart or order groceries (with your approval).

• Automate complex workflows: Agents link to tools like code interpreters and spreadsheets. For example, they can analyze competitor data, run code to process it, and output charts or slide decks summarizing the results.

• Create and handle files: They can generate documents, edit spreadsheets, or compile reports on the fly. You might tell an agent to “generate a slideshow on market trends” and it will do so using built-in presentation tools.

• Learn and personalize: Over time, agents can remember your preferences (e.g. preferred travel options or file formats) via connected “memory” features or accounts, making them more efficient at repeat tasks.

• Other future capabilities: AI Agents will definitely going to have more skills s they are upgraded and compete against each other.

These abilities hold great promise. And for the agent, skills will keep getting added particularly “in in front of the computer” type tasks, which eventually all will be doable with AI agents with minimal human supervision or human supervision. Which is what Sam Altman recently mentioned.

AI Agents may be open a whole new attack surface

But as soon as agents gained autonomy, security experts have been sounding the alarm: AI Agents may be open a whole new attack surface. So now let’s analyse the cybersecurity risks that may potentially happen to AI Agents below.

Cybersecurity Risks of Autonomous AI Agents

AI agents inherit all the risks of LLMs (like data leakage or prompt injection) and add many more. Trend Micro and I caution that linking an AI agent to external systems raises fundamental security questions:

• Could an LLM executing code be hijacked to run harmful commands?

• Could hidden instructions in a document trick the agent into leaking your passwords or client data?

• Could an AI Agent give information or money away to malicious websites or services it accesses?

• Can you think of any others?

Palo Alto’s Unit42 likewise warns that agents combine language-model threats with traditional software vulnerabilities. Because agents call external tools, they can be exposed to SQL injection, remote code execution (RCE), broken access controls, and other classic flaws in the connected systems.

In practice, experts see several concrete threats:

• Prompt Injection (Malicious Web Content): Perhaps the biggest worry is prompt injection. Malicious websites could hide deceptive instructions (e.g. in invisible page elements or corrupted metadata) that an agent might follow. For instance, a fake site might show a phishing form asking the agent, “Enter your credit card to proceed with this task,” hoping the helpful agent will comply. OpenAI’s own launch team called out this scenario: agents “stumble upon a malicious website that asks it to enter your credit card information… and the agent, which is trained to be helpful, might decide that’s a good idea”. The agent could unknowingly expose sensitive data or perform unintended actions. Analysts have already demonstrated prompt-injection hacks on open-source agents like Auto-GPT, forcing them to ignore their original goal and execute attacker-supplied commands.

• Tool Misuse and Goal Manipulation: Attackers may trick an agent into abusing its connected tools. For example, a cleverly crafted prompt could coax an agent to run harmful code, send spam emails, or modify critical data. Unit42’s research highlights “tool misuse” as a risk: an adversary might manipulate the agent to trigger unintended API calls or to break policies inside the tools it uses. Agents that plan multi-step tasks can also be hijacked at the planning level – subtle changes to an agent’s perceived goals could redirect its actions. In other words, the agent’s plan itself can be tampered with, leading to entirely malicious workflows.

• Credential Theft and Impersonation: AI agents often require login tokens or API keys to do their job (e.g. access your email or calendar). If these credentials leak (say, via prompt injection or misconfiguration), attackers could impersonate the agent or your user identity on other systems. Unit42 warns of this: “theft of agent credentials… can allow attackers to access tools, data or systems under a false identity.”. A compromised agent identity might then execute privileged actions on behalf of the user or organization. Likewise, attackers could spoof an agent’s identity to trick other systems or trick human users.

• Unauthorized Code Execution and Data Exfiltration: Since agents can execute code (through built-in interpreters or APIs), an attacker who sneaks code into an agent’s context could gain full RCE in the agent’s environment. This could expose the host network, internal files, or sensitive information. Unit42 emphasizes the RCE danger: “Attackers exploit the agent’s ability to execute code… by injecting malicious code, they can gain unauthorized access to the internal network and host file system.”. In a breached scenario, the agent becomes a pivot point into your IT environment. Similarly, agents can inadvertently exfiltrate data: a hidden prompt might force the agent to email your customer database to an attacker, or to paste your payment info into a shady form.

• Expanded Attack Surface (Phishing, Spam, etc.): AI agents effectively act as new endpoints on your network. They generate unusual traffic patterns (automated browsing, high-frequency form submissions, etc.) that could be exploited by attackers. Phishing could evolve into “agent-phishing,” where malicious sites target the agents themselves. Other risks include poisoned training data (if the agent uses web content to learn or fine-tune) or corrupted plugin scripts. In short, anything vulnerable on a regular computer or browser is now also a vulnerability for the agent’s “virtual machine.”

Security researchers stress that these threats are real and growing. As one analyst put it, “any company that uses an autonomous agent like Auto-GPT to accomplish a task has now unwittingly introduced a vulnerability to prompt injection attacks.”.

Trend Micro observes that AI agent vulnerabilities can directly lead to “theft of sensitive company or user data, unauthorized execution of malicious code, manipulation of AI-generated responses [and] indirect prompt injections leading to persistent exploits”.

OpenAI itself acknowledges the risk: their announcement notes that having ChatGPT act on the live web “introduces new risks” and that “successful attacks can have greater impact and pose higher risks”.

In sum, AI agents may be powerful helpers, but “AI agent fraud is real” as Stytch warns – attackers will exploit injected prompts, deepfakes and impersonation to trick or hijack these agents.

Now that we know some of the cybersecurity risks associated with AI agents let’s look at some possible cybersecurity best practices as well as defenses that businesses and the AI Agent developers themselves can implement - because, yes, the onus is primarily on AI Agent developers to ensure their agents are secure and your data that you trust the AI Agents with is handled right.

Securing AI Agents: Best Practices and Defenses

Given the stakes, cybersecurity professionals and developers are already outlining security-first strategies for AI agents. The consensus is that defense-in-depth is essential – no single fix will suffice. Here are key ideas from experts and vendors for making AI agents safer:

• Strong Authentication & Scoped Permissions: Never trust an agent by default.

  • Each agent should have only the minimum privileges needed (the principle of least privilege). For example, if an agent only needs to read your calendar, it should never have permission to send emails or access banking.

  • Experts recommend using modern delegation protocols (like OAuth2) to issue each agent a scoped token tied to your user account. This way, agents never store your raw passwords or API keys – they act through limited tokens. You can further impose time limits or step-up (MFA) for sensitive actions.

  • Stytch’s guidance specifically advises assigning “each agent a scoped token tied to a user-approved session”, so you can revoke or expire it at any time. In practice, treat the agent like a service account: explicitly authorize it for each system it should access.

• Least-Privilege & Restrictive Scopes: Go further by heavily restricting what agents can do. Design agent tokens so that dangerous actions (bank transfers, personal data access) are not allowed unless absolutely necessary.

  • For instance, an agent with calendar:read permission should not simultaneously have email:send or bank:transfer scope.

  • Some suggest even limiting when and how agents can act – e.g. blocking transactions late at night or flagging large purchases for extra review.

  • These granular permission controls ensure that even if an agent is tricked, its ability to harm you is very limited.

  • In my opinion, another idea is to have a defined list of websites and services that agents can use - essentially creating a secure and trusted web experience for the agent to vet and re-vet websites and services the agent uses because sites can become insecure eg: hacked without even the owner of the site knowing.

• Prompt Hardening and Input Validation: Control exactly what instructions reach the agent. Wherever possible, separate the agent’s core system prompt (how it’s instructed to behave) from any untrusted data (like web content or user input).

  • Apply filtering on all inputs: block known malicious patterns (like “ignore previous instructions” or embedded code).

  • For agents reading external content (emails, web pages, documents), consider preprocessing that content in a sandbox first to strip out embedded scripts or HTML injections.

  • OpenAI also builds refusal training into ChatGPT Agent – it has been trained to reject or flag obviously malicious or ambiguous prompts. Developers should similarly use content moderation or safety classifiers to screen any untrusted instructions before the agent sees them.

• Secure Sandboxing: Run agents in heavily confined environments. Unit42 emphasizes that agent’s code interpreters and browsers must be sandboxed: “enforce strong sandboxing with network restrictions, syscall filtering and least-privilege container configurations”.

  • In practice, this means agents operate in an isolated VM or container with strict firewall rules. Even within that, limit outbound connections (only allow to whitelisted domains) and restrict file system access. The idea is to make an agent’s “computer” so locked-down that even if it executes malicious code, the damage is contained.

  • An idea I would like to propose is even considering whitelisting only a narrow set of trusted websites or APIs that their agents can use, and regularly re-verifying those sources for safety.

considering whitelisting only a narrow set of trusted websites or APIs that their agents can use, and regularly re-verifying those sources for safety.

• Monitoring and Anomaly Detection: Treat agents as first-class citizens in your logging and monitoring systems. Log every action an agent takes (web requests, file operations, API calls) and analyze for anomalies. I would say also provide action history for the end user to view for transparency and safety. Use heuristics or AI to spot when an agent’s behavior deviates from normal patterns (for example, a surge of activity or requests to weird endpoints).

  • Stytch suggests fingerprinting and device-analysis: many AI agents’ traffic can be distinguished from human users. A clever defense might throttle or flag excessive automation.

  • Palo Alto is even developing an “AI Runtime Security” solution (Prisma AIRS) to watch network traffic from AI applications and detect threats like prompt injection or data exfiltration in real time. In other words, deploy new “AI security” tools to peer over your agent’s shoulder.

• Human-in-the-Loop for Critical Actions: Even as agents automate, keep humans in the loop for sensitive tasks. Require explicit user approval (ideally multi-factor) before the agent does anything high-impact (financial transactions, changing security settings, deleting data). For instance, you might configure your agent to always pause and prompt you whenever it’s about to spend money or transfer files.

  • Both OpenAI and Stytch emphasize this: ChatGPT Agent is trained to “explicitly ask for your permission before taking actions with real-world consequences”, and experts advise gating high-risk operations behind an MFA or confirmation step. A simple approach is OpenAI’s “takeover mode,” where the user directly types sensitive info or credentials rather than letting the agent handle them. This way the agent never even sees your password or credit card number, dramatically reducing leakage risk.

• Continuous Security Testing and Hardening: As with any software, AI agents need ongoing audits. Conduct regular red-team exercises against your agents: simulate prompt-injection attacks and try to trick the agent into misbehaving.

  • Integrate open-source testing tools that probe for common AI attacks (e.g. malicious prompts, malformed documents) before deploying agents. Adopt a bug bounty or formal review program for agent workflows.

  • Stytch recommends treating AI agents as you would critical infrastructure: “Subject them to regular and rigorous security testing; stay current on emerging threats… update your defenses accordingly.”. Maintain detailed logs for forensic analysis if something goes wrong.

In practice, many of these defenses echo traditional security wisdom adapted for AI. For example, least-privilege and careful authentication have always been best practice – now we just apply them to agents. As Stytch article concludes, “The good news is that many best practices (like least privilege, strong authentication, and vigilant monitoring) apply for both human users and AI agents – they only need to be extended to this new context”.

So let’s now learn about where AI agents are in the grand scheme of AI agent development hype cycle and what the future holds for them.

AI Agents in the Hype Cycle

In Gartner’s 2025 Hype Cycle for AI, AI Agents have surged to the “Peak of Inflated Expectations.” This means they’re riding high on media buzz and early adoption, especially with major releases like ChatGPT Agents and Google’s Gemini agentic projects. While their promise is impressive, automating complex tasks, learning user habits, and acting as digital coworkers seems a bit far fetched as the technology is still in its early phase, with many risks not yet fully addressed which we will discuss further in this blog.

Gartner predicts that AI Agents will likely dip into the “Trough of Disillusionment” next, where limitations and security gaps become more apparent. But this is a normal part of the innovation cycle. Technologies that survive this phase usually emerge stronger and more useful.

In time, AI Agents could become highly capable assistants that help with workflows, scheduling, data analysis, and even decision-making, especially in small business environments. And once the AI Agents get to “Plateu of Productivity” on the cycle they will kee getting better and better. They will most likely combine

• Figure 2 “Gartners Hype Cycle for AI” below shows how technology hype cycles change over time. Gartner predicted something different just a few years ago. In my opinion the hype cycle cannot be applied the whole concept of AI as new and improved AI can be released and scaled almost like the Moore’s law (Definition: Moore’s Law suggests that microchip transistor counts double roughly every two years, resulting in greater computing power and lower costs. While not a scientific law, it has been a key benchmark driving progress in the semiconductor industry.). So I think there should be some sort of mapping done on how AI is advancing - perhaps a formula much like Moore’s law?

Looking ahead, the future of AI Agents will depend on security, transparency, and careful integration and even more important reliability. There is still the problems inherent in AI in terms of accuracy of output.

As businesses move beyond the hype, they’ll need to prioritize trust, safety, and practical use cases. Those who approach adoption cautiously but strategically will be in a strong position to benefit when AI Agents reach the “Plateau of Productivity.”

Finally, below I discuss the possibilities of AI Agents in the future while at the same time balancing innovation and security.

Balancing Innovation and Security as AI Agents contribute to the future

AI agents are exciting – they can automate tedious tasks and boost productivity for small businesses and IT teams. But we must be realistic about the risks. OpenAI itself stresses a “caution over capability” mindset: ChatGPT Agent includes “always-on monitoring, refusal training, [and] red teaming” to minimize new risks, and users always have the power to “take over” the browser at any time. Still, as one TechRadar commentator put it, “trust is everything” – handing over an AI agent to autonomously spend your money or access accounts can feel unnerving.

In the coming months, organizations will need to decide what tasks they’re comfortable delegating to agents, and build appropriate guardrails

In the coming months, organizations will need to decide what tasks they’re comfortable delegating to agents, and build appropriate guardrails (that includes the AI developers). Will you trust your digital assistant enough to use it for online purchases or entering payment details? Or will you limit it to less-sensitive chores, like gathering publicly available data? Regardless, experts agree: design for security from day one.

As Stytch warns, agents expand your attack surface into new territory, and attackers are already adapting AI to their advantage. By thinking defensively by vetting sources, scoping permissions, enforcing human checkpoints, and monitoring behavior, we can harness AI agents’ benefits while minimizing harm.

In short, AI agents are a powerful new tool, but they must be treated with the same rigor as any other system. With layered defenses and vigilant oversight, businesses can make agents a net positive. Otherwise, an autonomous AI on your team could just as easily become an avenue for attackers.

Happy gliding online,

Michael Plis

References

Sources: Industry experts from OpenAI, Palo Alto Unit42, TechRadar, VentureBeat, Trend Micro and Stytch inform this analysis. These sources detail AI agent capabilities, risks (prompt injection, credential theft, code exploits) and recommended security practices (scoped tokens, sandboxing, monitoring, human-in-loop, etc.). Each recommendation above is grounded in cited research or vendor guidance.

• OpenAI – ChatGPT Agents Announcement https://openai.com/index/introducing-chatgpt-agent/

• CYBERSEC AI AGENTS CONCERNS COMMENTS: OpenAI Dev Day Live Keynote “Introduction to ChatGPT agent” (Sam Altman’s remarks near the end): 24:41 time index:

• FULL KEYNOTE: OpenAI Dev Day Live Keynote “Introduction to ChatGPT agent”

• Gartner - Hype Cycle for Artificial Intelligence, 2025 (Paywalled) https://www.gartner.com/en/documents/6579402

• Palo Alto Networks Unit42 – Security Risks of LLM-Powered Agents https://unit42.paloaltonetworks.com/security-risks-of-llm-agents/

• Trend Micro - Unveiling AI Agent Vulnerabilities Part I: Introduction to AI Agent Vulnerabilities https://www.trendmicro.com/vinfo/au/security/news/threat-landscape/unveiling-ai-agent-vulnerabilities-part-i-introduction-to-ai-agent-vulnerabilities

• Trend Micro - Unveiling AI Agent Vulnerabilities Part II: Code Execution https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/unveiling-ai-agent-vulnerabilities-code-execution

• Trend Micro - Unveiling AI Agent Vulnerabilities Part III: Data Exfiltration https://www.trendmicro.com/vinfo/au/security/news/threat-landscape/unveiling-ai-agent-vulnerabilities-part-iii-data-exfiltration

• Stytch – AI agent security explained https://stytch.com/blog/ai-agent-security-explained/

• Stytch - AI agent fraud: key attack vectors and how to defend against them https://stytch.com/blog/ai-agent-fraud/

• TechRadar – ChatGPT Agent shows that there’s a whole new world of AI security threats on the way we need to worry about https://www.techradar.com/computing/artificial-intelligence/chatgpt-agent-shows-that-theres-a-whole-new-world-of-ai-security-threats-on-the-way-we-need-to-worry-about

• VentureBeat - How OpenAI’s red team made ChatGPT agent into an AI fortress https://venturebeat.com/security/openais-red-team-plan-make-chatgpt-agent-an-ai-fortress/

• VentureBeat - How prompt injection can hijack autonomous AI agents like Auto-GPT https://venturebeat.com/security/how-prompt-injection-can-hijack-autonomous-ai-agents-like-auto-gpt/

• VentureBeat - Invisible, autonomous and hackable: The AI agent dilemma no one saw coming https://venturebeat.com/security/invisible-autonomous-and-hackable-the-ai-agent-dilemma-no-one-saw-coming/

• VentureBeat - The great AI agent acceleration: Why enterprise adoption is happening faster than anyone predicted https://venturebeat.com/ai/the-great-ai-agent-acceleration-why-enterprise-adoption-is-happening-faster-than-anyone-predicted/

• VentureBeat - Gartner: 2025 will see the rise of AI agents (and other top trends) https://venturebeat.com/security/gartner-2025-will-see-the-rise-of-ai-agents-and-other-top-trends/

• GitHub – Auto-GPT Project https://github.com/Torantulino/Auto-GPT

• AgentGPT – Autonomous AI Agent Framework

https://agentgpt.reworkd.ai/

• AutoGPT - Open Source AI Agent

https://agpt.co/

• (Wikipedia: https://en.wikipedia.org/wiki/AutoGPT )

• BabyAGI – AI Agent Framework by Yohei Nakajima https://github.com/yoheinakajima/babyagi

• Google DeepMind - Introducing Gemini 2.0: our new AI model for the agentic era https://blog.google/technology/google-deepmind/google-gemini-ai-update-december-2024/

In this article I help you and your business identify possible dangers of displaying personal information publicly. This can impact information we publicly share in our personal and work lives that could put your digital data at risk, not to mention physical safety risks. Let’s dig into this further.

What are the dangers of displaying personal information?

In an age where digital footprints are left behind with every click and connection, it’s crucial to recognize the potential risks associated with publicly displaying personal information. Take a moment to evaluate the stickers adorning your cars, the decorations in your home, or even the clothing you wear. Each of these items can inadvertently reveal your interests, beliefs, and personal details to malicious hackers who are always on the lookout for vulnerabilities.

Consider this: if you share a photo on social media that features those items in the background, or if you mention your pet’s name or display your computer setup, you might be unwittingly providing valuable information for cybercriminals. Using details from your posts for password recovery or security questions can increase your vulnerability. What seems like harmless sharing can turn into an open invitation for attacks.

Furthermore, there’s a significant privacy concern at stake. Sharing too much information can inadvertently disclose your location, exposing your family to potential threats such as violence or theft. Showcasing valuable items or revealing where you live may attract unwanted attention from those with malicious intent. In a world fraught with both physical and cyber dangers, it often feels necessary to minimise our public individuality to protect ourselves, our loved ones, and our workplaces.

Will this situation ever improve? Perhaps the answer lies in humanity’s ability to rise above harmful behaviours. Only when we collectively move beyond malicious activities can we hope to create a safer environment for everyone.

What do people in Western countries feel their privacy situation is?

How do people feel about privacy these days?

It appears whether you live in western countries or other countries, people all over the world have the same reservations about the privacy of their data in our hyper digital world.

The state of privacy in China for example is characterised by significant government surveillance and control over personal data. The Chinese government employs a vast array of monitoring technologies, including facial recognition and internet censorship, to track citizens’ activities both online and offline. While there is growing public concern about data privacy and security, many individuals feel they have limited control over their personal information, as the government prioritises security and social stability over privacy rights.

• Recent developments, such as the Personal Information Protection Law (PIPL), aim to enhance data protection; however, the implementation remains inconsistent, and many still worry about the lack of transparency and accountability in how their data is handled by both the state and private companies. Overall, the balance between privacy and state control continues to be a contentious issue in China’s socio-political landscape.

Across the Pacific in the USA, in a Pew Research Center survey, a significant majority of Americans express deep concerns about the privacy and security of their personal data. Approximately 60% feel that it’s impossible to navigate daily life without having their data collected by companies and the government. A substantial 81% believe the risks associated with data collection outweigh the benefits, while 79% worry about how companies use their information.

• Many lack confidence in corporations’ stewardship of their data, with 70% feeling that their personal information is less secure than five years ago. Additionally, while 97% of Americans are frequently asked to approve privacy policies, only about 20% read them thoroughly before consenting. This widespread sentiment underscores the hidden dangers of publicly sharing personal information, as many individuals unknowingly compromise their privacy in a data-driven society.

Across the Pacific ocean, the majority of Australians are increasingly concerned about their personal information security. According to the latest ACAPS 2023 survey findings (Conducted by the Australian OAIC), 62% consider the protection of their data a significant concern, yet 57% are unsure of how to effectively safeguard it. While 74% view data breaches as a serious privacy threat—an increase from previous years—only 32% feel in control of their privacy.

• Most Australians prioritise data privacy when selecting products and services, highlighting its importance as the third most significant factor after quality and price. Despite general awareness of Australian privacy laws, many desire greater protection from businesses and government agencies, with 89% advocating for more stringent regulations. Alarmingly, 47% of respondents reported being informed of a data breach in the past year, leading to various harms, including increased scams and identity theft.

• Just recently the RTB (Real Time Bidding) data scraping saga has been revealed scraping personalised Advertising data of politicians and well known people: ABC Article: The sensitive data of Australia’s security personnel is at risk of being on-sold to foreign actors

  • RTB scraping and combining that data to create a profile is a increasing threat recently covered around Patternz an ISA Security tool that used RTB. Article: Five billion people being tracked by Patternz surveillance tool

As concerns grow, citizens across the world increasingly favour proactive measures from organisations, emphasising the need for careful handling of personal information to mitigate risks in both digital and physical realms but also warnings and recommendations are given by authorities in most countries about being careful with your data online. But is it just online? Is there any data in the physical world that could affect your cyber privacy? Yes there is.

Let me make you, my readers, aware of many of the unknown dangers in order to protect ourselves better.

The Role of OSINT in Exploiting Publicly Displayed Information

Open Source Intelligence (OSINT) refers to the process of collecting and analyzing publicly available information to uncover valuable insights about a person or organisation. In today’s interconnected world, OSINT can be used to exploit personal information that individuals unknowingly share in both cyberspace and the physical world.

• What is OSINT? Open Source Intelligence (OSINT) is the practice of gathering, analyzing, and using information that is publicly available, often referred to as “open sources.” This includes data from the internet, social media, public databases, news articles, forums, and even information visible in the physical world. OSINT is widely used in cybersecurity, law enforcement, corporate intelligence, and even by malicious actors such as hackers or criminals. The main advantage of OSINT is that it utilizes data that is readily accessible without the need for hacking or breaching security measures, making it both a powerful and low-cost method of gathering intelligence.

From social media profiles and online forums to bumper stickers on cars and clothing logos, every piece of publicly displayed information can be used to create a detailed profile about you. This makes it crucial to be aware of the potential risks involved in sharing details that may seem harmless, as they can be pieced together to reveal your identity, location, habits, and more.

How is OSINT Undertaken?

1. Collecting Data from the Digital World:

• Social Media: One of the richest sources for OSINT is social media platforms like Facebook, Twitter (X), Instagram, and LinkedIn. These platforms often reveal personal information like your full name, location, job, family relationships, habits, hobbies, and interests. Even harmless posts or check-ins can give away your real-time location or routines. For instance, posting about a vacation while you’re away can expose your home to burglary risks.

• Public Databases and Forums: OSINT also involves scouring public records, databases, and discussion forums. Information such as addresses, phone numbers, work history, or even opinions expressed in forums can be pieced together to build a detailed profile of a person.

• Search Engines and Websites: OSINT tools often make use of simple web search engines like Google to find personal details. People may unknowingly leave traces of information, such as email addresses or home addresses, on websites that are indexed by search engines.

• Public Sharing of Files: Information shared in public domains—like cloud storage links, PDFs, or any documents containing sensitive metadata—can be accessed and analyzed to extract personal or business-related details. Often, metadata such as GPS locations embedded in images or documents can also give away vital data.

2. Collecting Data from the Physical World:

• Cars and Homes: Information publicly displayed on your vehicle (like bumper stickers with your child’s school logo or parking passes) or visible from outside your home (like security system signs or house number plaques) can be used as OSINT. These physical clues can provide insight into your lifestyle, habits, or affiliations that can be exploited.

• Clothing and Accessories: Logos or badges on clothing (such as those of specific workplaces, schools, or interest groups) can also provide a wealth of information. These details can be leveraged to discover more about your work, hobbies, or social connections, making you vulnerable to targeted social engineering attacks.

• Workplaces and Public Environments: Displaying personal or sensitive information in public settings, such as leaving business cards, badges, or access cards exposed, can give attackers a head start in identifying your workplace, your role, or even your access rights within an organization.

The Dangers of OSINT in Both Worlds

When public information is available both online and in the physical world, malicious actors can combine these sources to create a complete profile of an individual or a business. This can lead to severe security and privacy breaches. Here’s how OSINT works in different areas:

• Digital Exposure: Hackers or cybercriminals use OSINT to gain insight into your personal life or business. For example, finding your email address and then cross-referencing it with a password leaked in a data breach could enable them to access your accounts. They can also look at your social media to perform social engineering attacks, where they impersonate you or trick you into sharing more information.

• Physical Exposure: In the physical world, an attacker might learn your habits through the visible information you display—such as when you’re away from home or where your children go to school—allowing them to plan targeted actions like burglary or stalking or violence or breaking in in order to access your IT devices, plant surveillance to monitor you to enter your credentials on your devices (eg: cryptocurrency logins), and so many more digital and physical reasons.

Defense Against OSINT Exploitation

To defend against the risks of OSINT:

• Limit Digital Footprint: Be cautious about the amount of information you share online. Avoid posting real-time locations, personal details, or photos that reveal too much.

• Hide Physical Clues: Remove or minimize visible identifiers from your car, home, and belongings that could provide insights about your daily life.

• Manage Public Sharing: When sharing files online, strip away unnecessary metadata. Review privacy settings on all your social media platforms and restrict access to personal data.

• Regularly Audit Information: Periodically search for your own personal or business data to see what is publicly available and take steps to remove or conceal sensitive details.

Understanding the methodology of OSINT helps you recognize how your publicly shared information, even in innocent forms, can become a liability. By managing both your digital and physical presence, you can reduce exposure to potential threats.

Let’s dig deeper on how to defend ourselves from potential OSINT theft and the exploitation of stolen personal data.

How to defend yourself for possible attacks related to display of personal information?

I will go in-depth regarding as many areas of public exposure that could be used to hone in more information about you and those you need to keep safe. Get ready folks, this is going to be a wild ride.

Hide info on social media & apps online

This has been talked about for quite some time but sometimes we all get slack with it. When you post on social media, yourself and your place and your possessions and things like that, you are risking these things being used to hone in on a number of details, both for cyber and physical theft and attack in person. Here’s some ideas on what to remove depending on your preferences:

Social media apps additional info hiding tips

• Review your social media posts across all platforms to see if you’ve got any personally identifiable information such as your pets, kids, your possessions or revealing potential clues of your location to the wider public

• Are you celebrating birthday or anniversary days which could be used to workout those dates? Don’t post about it online if your account is publically viewable.

• Are you sharing your kids’ names or pet names on social media? Apart from being a privacy concern, the other issue is that if you’re using any of those details in your password recovery questions or as part of your password, then it’s best not to use such details especially if you post about it.

• Basically only leave information online that you do not care about and will not be used to identify you or be used in circumventing any cyber defences such as online accounts that might be using those pieces of information.

• Hiding details that you don’t want public in posts and social media accounts are such as as personal milestones, locations, personal details in bio, personal interests, metadata on photos (some social media don’t remove the GPS coordinates embedded in metadata of photos), hide lists of friends or followers, hide your birthday, place of birth, current location, consider locking down your account if you don’t influence to just keep in touch with friends, hide personal details from photos by removing the posts (look carefully for those).

• Don’t accept follows from strangers if your account is locked/private as they may want to squiz on your content to narrow down their data and undertake social engineering attacks and phishing attacks. There is a ton of fake accounts that impersonate a love interest that could get caught in a sextortion or cryptocurrency scams lose money.

• Remember public posts and reels don’t really disappear if you post them publicly as someone can copy the data and then reuse it in the future.

• Don’t post your holidays while you’re on holidays as this could encourage break ins for the purpose of hacking or theft.

• Review all privacy and security settings on apps and social media apps.

• Be mindful of public interactions!

  • Avoid commenting or interacting publicly on controversial posts that could attract unwanted attention or give clues to your interests or opinions that could be exploited in phishing or social engineering.

  • Also avoid revealing or bragging about your assets online such as physical possessions, showing off clothes, cryptocurrency, money, bank accounts and showing off your wealth unless you want to increase chances of physical or digital theft. If you still want to remember to have a large security services if you can afford it. If you can’t afford a large security service stop flaunting your expensive stuff if you want to reduce chances of theft digitally and physically.

Sharing or “Personalising” your details for optimising Ads

• The advertisers have assured us in the past that ad networks are very secure and data they collect about us are not sent to nefarious individuals. But that is no longer true despite promises in updated terms and conditions.

  • Our Ad Disclaimer: You might be wondering why I have ads on my articles. I use Google AdSense to place ads here and on other articles. I write these pieces free of charge for you and don’t receive compensation for the hours of research and preparation involved. Google AdSense is one way for me to recoup a small portion of that effort. In my opinion, Google AdSense itself isn’t the problem—it’s simply a tool that places ads. The real issue lies with the advertisers and advertising marketplaces, including Google, who collect and sell personal information. They track what sites you visit via your web history on your Google or Facebook or other platform account—and they then use that data to target you with more effective ads that are placed on websites like ours. Everyone does that to earn something and as I’m a tiny blogger I get almost nothing. The real question is: who are they selling this data to, and are they ensuring it’s truly anonymized?

  • When it comes to privacy, the real criminals in my opinion, aren’t the websites (like mine) that show the ads in exchange for free content (and yes who wants to pay for anything anymore or can pay for anything anymore?), but the corporations and marketplaces like Google that profit from exploiting personal information collected from your viewing history on your own Google account and who correlate that with viewed ads on websites. Their lack of transparency and proper verification of RTB (Real Time Bidding) marketplace raises serious concerns about who gets access to your data and how it’s being used. If the data isn’t being properly anonymized and can be correlated with enough data, then it could be misused in ways that go beyond simple ad targeting—affecting your privacy on a deeper level.

• With the rise of surveillance tools like Patternz which was scraped using anonymised data from Google and other advertising platforms using Real Time Bidding (RTB) market, Patternz (made by security company ISA Security) tracked over five billion users globally, the risks of exposing personal information have never been greater. Data collected from everyday activities—through apps, websites, and devices—can be exploited by companies and governments for purposes far beyond advertising, including surveillance. As privacy concerns grow, it’s vital to take steps to protect personal information both online and offline, as failing to do so can leave individuals vulnerable to misuse, profiling, and potential exploitation in areas like AI-driven warfare.

How to protect your personal data for RTB to a degree?

• Disable Ad Personalisation:

  • You can disable personalised ads across major platforms like Google, Microsoft Bing, Apple, Facebook, Instagram, TikTok, Snapchat, Reddit, and others, you can follow general steps on each platform based on their Help Centres.

  • Keep in mind that this process may not completely remove ads, but it stops them from being tailored to your online activity: Upcoming blog on RTB and Personalised Ads (TBC still working on it)

• If you want to go down additional level of not seeing ads:

  • Install a trusted ad blocker if need be on your browser and train it to only allow ads on sites that you need to function on and some sites won’t show anything without allowing ads. Trusted multi-platform ad blocker is the original AdBlock. Purchasing the premium allows for multi-browser sync and settings which are much easier to handle for a very small yearly price.

  • Erase all viewing history across Google, Microsoft Bing, Apple (complicated), Facebook, Instagram, TikTok (somewhere in settings), Snapchat, Reddit (then hit Clear), and other social media sites and setup auto delete options on them (if they have any LOL).

Is Apple the bastion of Privacy?

While Apple emphasizes privacy, the reality is more nuanced. Apple’s privacy measures are certainly strong compared to many tech companies, but true privacy is not absolute. Here are key considerations:

1. Personalised Ads: Apple’s personalized ads prioritize privacy by using first-party data from its ecosystem, such as the App Store and Apple News. They process much of the ad targeting on-device, limiting data sent to their servers. While Apple offers controls to opt-out of personalized ads (as mentioned above) and restricts third-party data sharing, they still collect user data to target ads within their services. Though more privacy-focused than competitors, Apple’s advertising model relies on personalization, making it privacy-conscious but not entirely free from data collection.

2. On-Device Privacy: Apple processes sensitive data (like Face ID and Touch ID) on the device itself rather than sending it to the cloud. This is a strong privacy feature, as it minimizes the risk of exposure. However, not all data is treated this way.

3. iCloud Backups: Although iMessage and FaceTime are end-to-end encrypted, iCloud backups are not fully encrypted. This means that Apple, in certain circumstances (like complying with law enforcement), can access data stored in iCloud, such as messages, photos, and other sensitive information.

4. Third-Party Apps: Despite Apple’s efforts with App Tracking Transparency (ATT), where apps must ask for permission to track users, third-party apps can still gather data with user consent. Once shared, Apple doesn’t control how third parties handle it.

5. Law Enforcement and Compliance: Apple has a history of resisting government pressure to unlock phones, such as in high-profile criminal cases. However, they have complied with legal requests to access iCloud-stored data, which means some level of user data can be accessed. And intelligence agencies managed to get in sometimes without Apples permission using Zero Day Vulnerabilities.

6. Partnerships and Analytics: Apple still collects some user data for its own purposes, such as to improve Siri or for app recommendations. Even though they anonymize much of this data, it’s still not entirely private.

So always follow the advice of adjusting settings to maximise on security and privacy even on Apple devices and any other brand devices. And as they say in X Files: Trust no one. But there is a balance between functionality and privacy - so you need to get the right mix for you and with what you are comfortable with.

Additional app groups examples of info to hide

• Online Reviews and Forums: Leaving personal information in public reviews of services or products, or sharing specific details in forums, can lead to exposure that attackers could use for targeted attacks.

• Health & Fitness Apps: Personal data from health or fitness tracking apps (e.g., medical conditions, workout routines, or locations) can be used to impersonate individuals or for phishing scams.

• Online Shopping Accounts: Storing too much personal information (e.g., credit card details, address, or phone number) on online shopping platforms makes these accounts prime targets for cyber theft.

• Frequent Flyer Programs and Travel Bookings: Personal details like passport numbers, travel history, or frequent flyer accounts can be used for identity theft or social engineering by attackers.

• Dating Apps: Sharing personal details such as name, location, and interests on dating platforms can lead to stalking, scams, or phishing attacks.

• Online Gaming Platforms: Personal profiles in online games, including usernames, financial details, or locations, can be exploited for scams or phishing attacks.

• Educational Platforms: Personal information shared in virtual classrooms, e-learning platforms, or academic forums can be stolen and used for identity theft.

• Subscription Services: Personal data stored with streaming services or other subscriptions could be vulnerable to theft or account hijacking.

• Charitable Donations: Donating to charities without securing personal data can result in your financial and personal information being exposed to attackers.

• Government Documents & Portals: Information used for online tax filing, voting registration, or applying for government benefits can be stolen if these systems are not secure, leading to identity theft or fraud.

• Many more areas.

Now let’s cover the vehicle info dangers and other areas.

Hide info in your car

In America, some of the enforcement agencies have recently been advising people not to put personal details on cars such as stickers and custom number plates with your details on it because that can be used by physical and cyber criminals to hone in on your details and find out where you live and use those details. For example, to narrow down which accounts online are yours in order to attack them. Here’s some useful tips on what to do to mitigate that risk:

• Remove any stickers on the outside or inside of cars as these could be used to work out your parents both for thieves. Trying to get into your place but also hackers. Trying to find out more information about your family in order to hack you.

• Don’t leave personal details or documents visible inside or outside the car as these details could be used to further narrow down your personal details in order to hack you or find your address to visit you in person and steal or do violence.

• Vehicle GPS Systems: Modern vehicles with integrated GPS or infotainment systems store routes, destinations, and personal data, which could be accessed in the event of a hack. Make sure any security that entertainment systems in cars have is turned on including any information sharing settings with the manufacturers are locked down or turned off.

• Entertainment systems: If they have bluetooth or wifi then make sure it’s secure as best as possible.

• Smart cars: check all the settings to make sure no personal information is being advertised eg: displaying your name when you switch the smart car on.

Hide info on clothes

Custom t-shirts and clothing (and just generic but branded clothing as well) can be a personal way of expressing yourself and sharing your personal information or interests to the wider public and your friends. But if you have a lot of use of the online cyber space then you may need to think twice about putting clothes on that. Have personal details or interests on it. Especially if those details are then used for security questions or to help hackers hone in on you and tailor social engineering attacks towards you.

• Get rid of any t-shirts or clothes that reveal your or your kids interests or personal details or personal interests. I know this is controversial because we are all about showing what we like to people. But we live in a more dangerous world so consider doing that for the sake of increased safety. So reconsider wearing branded clothes that might reveal to others what your preferences, interests and likes are. Privacy is no longer inside your home, it’s also what you walk around with.

• Don’t show your expensive stuff in public: Showing to the public how much money you have by flaunting very expensive clothes or accessories is a digital and physical risk as it can be a motivator for hackers or thiefs to target you. I’ll tell you a little secret: Smart rich people wear everyday clothes and drive everyday cars eg: Warren Buffett has billions of dollars but drives a basic car and wears everyday clothes (Google: Warren Buffett lives a simple life)

• Don’t put on any stickers or badges or pins with your name on it or other details on your clothes, especially in public spaces if you can avoid it so that people can’t jot down your name and look you up and do a doxing.

Hide info in your home

As cyberspace gets more secure over time, hackers may start visiting your home and looking through the window to get some personal details so that they can hack your accounts more effectively or use social engineering by using those personal details displayed outside of your home or inside your home. Here’s some suggestions on how to reduce the chances of these risks:

• As much as possible, remove any of such personal details or stickers from our homes especially if they are outside.

• Avoid having all your windows open without at least lace curtains or curtains or blinds or some measure of difficulty in seeing what’s inside the home, this may be an option for hackers to get someone to fish for information visually.

• Remove any personal details such as names, kids names, pets, names, and all sorts of things in the backyard or front yard: This includes any memorials and details of dead family members, names and birthdays and all sorts of things. Why? Think about Google Street view from the top and from the street level. Could be used to look at those details and work out those personal details as possibly part of login, security questions or social engineering attempts.

• Shred info before throwing into Trash/Discarded Items: Documents or personal details thrown away without proper shredding or disposal can be retrieved by attackers for identity theft.

• Smart Home Devices: Devices like security cameras, thermostats, or smart locks connected to your network can expose sensitive information (e.g., when you’re away) if not properly secured.

• Tech gifts for kids or family: Be smart and secure with tech gifts. Parents can check the safety of popular gifts that can be connected to the internet, like smart toys, smartphones, tablets, drones and even wearables for pets. Do things like set strong passwords, turn off location settings and limit the amount of personal information young people share. For example some of these devices can have cameras or microphones.

• Hide info from Email Signatures & Email Auto-responses:

  • Avoid overly detailed email signatures (including job titles, direct numbers, and location) can provide valuable information to attackers for impersonation or social engineering schemes. Remove any details that you don’t want malicious hackers from readily getting hold of such as phone numbers, addresses, and other details.

  • Be Cautious with Auto-Responses: Avoid disclosing too much information, such as your vacation dates or location, in automated replies. This can tip off potential burglars or hackers. For example, in your autoresponder settings of any kind, avoid revealing when you’ll be away. A simple ‘I’m currently unavailable, I’ll get back to you as soon as possible’ without specifics helps protect your privacy.

• Hide info when answering voice calls & voicemail greetings:

  • Answering calls: To avoid helping spammers and hackers hone in on your name and additional details when answering calls simply say “Hello”. When they ask are “Michael Plis” ask the question “Sorry, who is speaking?”.

  • Voicemail Greetings: When creating voicemail greetings for home or work phone just use your first name, don’t include your surname and don’t include any other personal information. This is not to give out information but at the same tie help friends, colleagues and clients know they calling the right person.

Hide info from publicly shared files

One of the biggest problems today is personal information lying around in publicly shared files in cloud storage accounts. These days hackers scan the entire cloud storage domains for any shared links and they often can find treasure troves gathered by random variations of the links and other sources of those publicly shared links. Here is some suggestions to deal with this:

• When you share files on OneDrive, Google Drive, iCloud or Dropbox or other file storage services and select to share with anyone (eg usually creates a unique web link and those that have that web link can access folder(s) or file(s) that you shared) these publicly shared files often stay exposed until the share is turned off. Also files or backups stored in cloud services without proper encryption can be accessed by attackers who might gain control of account credentials. Here are the major storage providers and useful tips on reducing private information visibility.

• File naming tip: I usually put in the file names or folder names some indication that I am sharing this file or folder publicly eg: “(Share Anyone)”. That way when I search all publicly shared files it’s easier to find.

• Inside publicly shared files: Remove all personal identifiable information that you don’t want to share so that when digital strangers go in they will not get anything juicy out of it.

• Google Drive: Check all publicly shared files and folders on Google Drive - its a search string because Google doesn’t have a “Shared with others” section in the Drive - blog article I made documenting what is the strings to find files and folders publically shared via Google Drive

• OneDrive: See files you shared in OneDrive article (select Shared > By You tab)

• iCloud: There isn’t a built-in feature in iCloud to directly view all publicly shared files and folders. But you can either go to icloud.com or via the Files app on devices and select “iCloud Drive” and use search bar to search for “shared” or “public”

• Dropbox: login to dropbox.com and click on Shared > all publicly shared files and folders will appear there. You can also try to use search but it’s limited

• When you make feedback or submission to governments about issues your personal data may be included on those submissions and they may be searchable and displayable online. Especially If you submit your own document to some government inquiry and provide details about yourself inside that submitted document. Those details may stay online for a long time.

Hide info from workplaces

Workplaces can be extensions of our home when we display or bring all sorts of nick nacks and personal items. These can be visible on video conferencing or photos taken in workplaces and shared publicly and in person at the office or viewed from windows outside the workplace if the items are visible.

• Personal items on desks could be visible to fake clients that may physically go past your desk and use that in social engineering attacks or impersonation attacks.

• Personal details or items in the background images or your live actual office as your background of video calls or photos shared publicly (e.g., family photos, awards, or documents) can reveal sensitive information that could be exploited in spear-phishing attacks. Also device lock screens should not show any personal information.

• Hide info from Email Signatures & Email Auto-responses:

  • Avoid overly detailed email signatures (including job titles, direct numbers, and location) can provide valuable information to attackers for impersonation or social engineering schemes. Remove any details that you don’t want malicious hackers from readily getting hold of such as phone numbers, ABNs (business ID’s), addresses, and other details.

  • Be Cautious with Auto-Responses: Avoid disclosing too much information, such as your vacation dates or location, in automated replies. This can tip off potential burglars or hackers. For example, in your autoresponder settings of any kind, avoid revealing when you’ll be away. A simple ‘I’m currently unavailable, I’ll get back to you as soon as possible’‘ without specifics helps protect your privacy.

• Hide info when answering voice calls & voicemail greetings:

  • Answering calls: To avoid helping spammers and hackers hone in on your name and additional details when answering calls simply say “Hello”. When they ask are “Michael Plis” ask the question “Sorry, who is speaking?”.

  • Voicemail Greetings: When creating voicemail greetings for home or work phone just use your first name, don’t include your surname and don’t include any other personal information. This is not to give out information but at the same tie help friends, colleagues and clients know they calling the right person.

• Hide info on Business Websites: Employee profiles with detailed biographies or images, office locations, and organisational structures can provide attackers with the means to craft convincing social engineering attacks. Also remove all email and phone number contacts that you don’t want revealed to the public. Email addresses that are for public use might still be good to hide and replace with contact forms that use Google Recaptcha human verifier (although these are getting less useful with AI).

• Hide info from Job Applications or Resumes Posted Publicly: Posting resumes with personal details like phone numbers, addresses, or email addresses on job sites could be used by scammers or hackers to impersonate individuals.

• Hide info from Conferences and Networking Events: Sharing personal information on business cards or in conversations in public settings, especially about sensitive work projects or company details, can be a vulnerability.

• Shred info before throwing into Trash/Discarded Items: Documents or personal details thrown away without proper shredding or disposal can be retrieved by attackers for identity theft.

• Sharing info with Business Partners or Suppliers: Sharing sensitive business data with third-party vendors or partners without proper security protocols can lead to exposure through weak links in the supply chain.

• When leaving your desk: When leaving your desk at work lock your computer screen to prevent unauthorised snooping. See below instructions on how to do that:

How to lock your device screen?

Windows:

• Using Keyboard Shortcut: Press Windows + L.

• Using Start Menu: Click on the Start button, select your profile picture or account icon, and choose Lock.

Chrome OS:

• Using Keyboard Shortcut: Press Search + L or Ctrl + Shift + L.

• Using Status Area: Click on the time in the bottom-right corner, then click on your account icon, and select Lock screen.

Mac OS:

• Using Keyboard Shortcut: Press Control + Command + Q (or Command + Option + Power button).

• Using Apple Menu: Click on the Apple menu in the top left, and select Lock Screen.

Android mobile devices:

• Using Power Button: Press the Power button to lock the screen.

• Using Settings: Open Settings > Security > Screen lock, and choose a locking method (PIN, pattern, password).

iOS mobile devices:

• Using Power Button: Press the Side button (or Top button on older models) to lock the screen.

• Using Settings: Open Settings > Face ID & Passcode or Touch ID & Passcode, and set up a locking method.

Hide info when travelling

Hiding information that is sensitive when travelling is important as you and your family cn become an easy target for cyber attacks.

• Hide info on Luggage Tags: Displaying personal details like name, address, or phone number on luggage tags while travelling can also be exploited by malicious individuals.

• Lock your laptop or tablet or phone screen when not using: When not in use those devices should be with you and not unsupervised. Never trust anyone when travelling. Also consider purchasing a privacy filter screen protector on laptops and tablets.

  • When expensive devices are not in use: Even check with the hotel if they have a safety deposit box or safe but I have to warn you: some hotels or motels do the dodgy and allow malicious people to access those safety deposit boxes without ID verification - so that’s a tip to them - stop doing it if you want a good travel review. If you go to some countries that have a high theft I would only bring very cheap tech - don’t bring your jewelry or expensive tech - blend in as it were.

• Don’t provide unnecessary information to hotels and tourist places: If you provide unnecessary information that is not required if those businesses are breached your data will be exposed. Also don’t sign up to any subscriptions or fill out any advertisements or click on any links.

• Don’t scan QR codes of any kind: Don’t scan any QR codes in restaurants to order food and fill out their ordering forms through it. Sometimes hackers put fake QR Code stickers over the top to infect your devices or steal your information. Any other QR codes please don’t use. Just use traditional forms of buying like a credit card, cash or use a local ATM usually possible to withdraw with your credit or debit card with the VISA symbol from most ATM’s in the world. But make sure nobody sees you type the pin.

• Don’t connect to Public Wi-Fi, instead buy a local SIM card and add data to it: Logging into personal accounts over unsecured public Wi-Fi networks during travel without encryption leaves personal data vulnerable to interception.

Conclusion

In today’s world, the risk of exposing personal information has never been greater. As we’ve explored throughout this article, even seemingly harmless details—whether shared online, displayed on your vehicle, or subtly embedded in your clothing—can be used by malicious actors to launch both cyber and physical attacks. From social media to cars, homes, and even personal apparel, it’s essential to assess what we reveal and how it can compromise our security.

By taking simple steps to hide or obscure personal information, we can protect ourselves, our families, and our businesses from a range of threats. Remember, vigilance is key in this digital age. Staying mindful of the information we share is one of the best defences we have against those seeking to exploit our data for harmful purposes.

Safe public access everyone

Michael Plis

References

• Due to the complexity of this article and my lifelong neurodivergent disability I used a combination of my own IT & cybersecurity background experience, ChatGPT and Google Gemini to do the research, writing and also assisting me in editing. So if there are errors or something could be referenced that should be please DM me on all major social media profiles either via the social media channels listed at the top of the article or at the bottom. Thanks.

• ReachOut: Disclosing personal information

• Australian Office of Aus Information Commissioner (OAIC):

  • Use and disclosure of personal information

  • Guide to securing personal information

  • Handling personal information resources

  • Australian Community Attitudes to Privacy Survey 2023

• Australian Office of the Victorian Information Commissioner (OVIC): Information Sharing and Privacy – Guidance for Sharing Personal Information

• Australian NSW State Government: Protecting your privacy online

• University of Pennsylvania - Penn Today article: The dangers of sharing personal information on social media

• University of Kentucky article: How oversharing on social media could put your personal information at risk

• New Zealand Governments Protective Security Requirements (PSR) article: Risks of making personal information public through social media

• Microsoft support article: The dangers of oversharing

• Government of Canada article: How to avoid sharing too much information online

• Pew Research Center article: Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information

• ABC Article: The sensitive data of Australia’s security personnel is at risk of being on-sold to foreign actors

• Techzine article: Five billion people being tracked by Patternz surveillance tool

Ad Disclaimer

• You might be wondering why I have ads on my articles. I use Google AdSense to place ads here and on other articles. I write these pieces free of charge for you and don’t receive compensation for the hours of research and preparation involved. Google AdSense is one way for me to recoup a small portion of that effort. In my opinion, Google AdSense itself isn’t the problem—it’s simply a tool that places ads. The real issue lies with the advertisers and advertising marketplaces, including Google, who collect and sell personal information. They track what sites you visit via your web history on your Google or Facebook or other platform account—and they then use that data to target you with more effective ads that are placed on websites like ours. Everyone does that to earn something and as I’m a tiny blogger I get almost nothing. The real question is: who are they selling this data to, and are they ensuring it’s truly anonymized?

• When it comes to privacy, the real criminals in my opinion, aren’t the websites (like mine) that show the ads in exchange for free content (and yes who wants to pay for anything anymore or can pay for anything anymore?), but the corporations and marketplaces like Google that profit from exploiting personal information collected from your viewing history on your own Google account and who correlate that with viewed ads on websites. Their lack of transparency and proper verification of RTB (Real Time Bidding) marketplace raises serious concerns about who gets access to your data and how it’s being used. If the data isn’t being properly anonymized and can be correlated with enough data, then it could be misused in ways that go beyond simple ad targeting—affecting your privacy on a deeper level.

I will go here into a full reveal and recommendations how to defend against it or minimise its effects. I wanted to write a complete how to on this topic as it affects all people in the world and unfortunately not all telecommunications providers (there is more than 12,000 of them worldwide) have your security interests at heart.

These set of vulnerabilities bypass some 2 Factor Authentication methods, thus making it very important to know about it and how to defend from it.

Here’s a guide on how small businesses can protect themselves against SS7 and similar attacks.

Contents

Why are we talking about defending against SS7?

What Is SS7 & Why Is It Vulnerable?

History of SS7

Who & when were SS7 vulnerabilities discovered?

Basic Aspects of Telecommunications Networks Worldwide

1-6 - Aspects of Telecommunication Networks

7. Protocols

Protocols for 2G (GSM) / 3G (UMTS)

Protocols for 4G/LTE

Protocols for 5G

8. Standards

9. Types of Networks

Why is the Global Telecommunications Network Vulnerable?

Why Are Small Businesses at Risk?

How SS7 Attacks Work?

How SS7 Attacks Typically Occur

How difficult are SS7 exploits to undertake?

SS7 Mitigation Strategies for Small Business

Key ways to defend against SS7 attacks

Q: Is adding +XXX country codes help defend against SS7 threats?

Q: Is getting rid of 2G/3G going to stop SS7 threats?

Q: What’s the impact of getting rid of 3G network?

Q: Then, is it possible to eliminate 2G/3G Worldwide?

Defending Against Other Mobile Protocol Attacks on 4G/LTE/5G

Common Threats and Defenses in both 4G/5G Protocols

4G/LTE Based Attacks Defenses

5G Based Attacks Defenses

Partner with a Reputable Mobile Carrier (Large List of Countries)

Europe

North America

South America

Asia-Pacific

Africa

Middle East

When travelling & roaming

Reputation & standards are important for carriers

What if I choose to keep using SMS 2FA?

What are dangers of switching to other 2FA methods?

Conclusion

References

Why are we talking about defending against SS7?

In today’s interconnected world, small businesses rely heavily on mobile networks for communication, security, and operations. While mobile technology offers numerous advantages, it also exposes businesses to vulnerabilities that could compromise sensitive data. One particularly dangerous attack vector is SS7 (System Signaling Number 7), which has been used by hackers to intercept calls, messages, and even bypass two-factor authentication (2FA). Understanding and defending against these attacks is crucial for small businesses that depend on mobile technologies.

Recently Veritasium Youtube Channel highlighted in a video “Exposing the Flaw in Our Phone System“ several key issues surrounding the vulnerabilities in the SS7 protocol are brought to light showing the clear and present danger from SS7 to the whole world.

The Vertasiums video emphasizes how the SS7 system, a foundational part of global telecommunication infrastructure, has inherent weaknesses that expose users to serious security risks. The protocol, initially designed for reliability rather than security, is vulnerable to exploitation, allowing malicious actors to intercept calls, messages, and even track users’ locations.

Key quotes from the video highlight these concerns:

• On the system’s design flaw: “SS7 wasn’t built with security in mind because, at the time, it was only trusted parties who had access to it. But now, that trust is gone.”

• On the severity of potential attacks: “Hackers don’t need direct access to your phone; they can do it remotely through vulnerabilities in the SS7 system.”

• On the real-world impacts: “The flaw has allowed surveillance companies to offer services that can track anyone, anywhere, simply by accessing the SS7 network.”

This systemic issue underscores the importance for mobile carriers to enhance their SS7 security measures to protect against these types of attacks. Some carriers in regions such as Europe, Middle East, Asia, Africa, South and North America are beginning to strengthen their protocols, but it remains a pressing concern for the entire industry.

If you’re running a small business that relies on mobile communications, it’s crucial to choose carriers that prioritize SS7 security and implement strong back-office protections.

Let’s now find out what is SS7 and why it’s vulnerable.

What Is SS7 & Why Is It Vulnerable?

SS7 (Signaling System No. 7) is a crucial component of global telecommunication (phone & SMS) networks, but its age and complexity have made it susceptible to various attacks. While individuals can’t directly defend against SS7 vulnerabilities at a network level, there are steps to mitigate risks and protect personal data.

SS7 is a set of telecommunication protocols that allows networks to communicate for call setup, routing, billing, and SMS exchange. Originally developed in the 1970s, SS7 was designed with a trust-based system, assuming that anyone with access to the network is trustworthy. This assumption has made it an attractive target for cybercriminals, as it lacks robust security measures.

Hackers can exploit SS7 vulnerabilities by intercepting mobile communications, tracking phone locations, and even hijacking 2FA codes sent via SMS, posing a significant threat to businesses that rely on mobile phones for security and communication.

History of SS7

SS7 (Signaling System No. 7) is a set of telecommunication protocols developed in the 1970s to manage the exchange of information over the Public Switched Telephone Network (PSTN). Here’s a brief history:

Development in the 1970s

• SS7 was created by ITU-T (International Telecommunication Union - Telecommunication Standardization Sector) to replace older in-band signaling systems, where control signals were sent along the same channel as the voice data.

• In-band signaling systems were vulnerable to fraud and limited in bandwidth, so the move to an out-of-band signaling system like SS7 helped increase both the security and efficiency of call routing.

Introduction in the 1980s

• By the 1980s, SS7 became the standard signaling protocol for ISDN (Integrated Services Digital Network) and cellular networks. It allowed more efficient call setup, management, and termination across different networks and regions.

• It also facilitated Caller ID, toll-free numbers, and call forwarding features by separating the signaling information from the voice channels.

• Vulnerabilities in the telecommunications system, specifically in the Signaling System 7 (SS7) protocol, have been known since the 1980s. SS7 was developed in 1975 to handle the exchange of information between different telecommunications networks. However, as the internet and digital communication grew, so did awareness of its vulnerabilities in the 90’s and further on.

Expansion in the 1990s

• SS7 expanded with the growth of mobile networks and SMS. It enabled cellular networks to track users between different cells, manage handovers, and deliver messages across various carriers.

• SS7 also began to support Intelligent Network (IN) services, enabling advanced features like prepaid billing and number portability.

Emergence of Security Concerns in the 2000s

• As telecommunications systems expanded globally, it became clear that SS7 had inherent security vulnerabilities. The system was originally designed with trust between operators, assuming that only trusted entities would have access to it.

• However, as telecom networks became more interconnected, attackers began exploiting these trust assumptions. The ability to intercept calls, spoof phone numbers, and track users became possible by manipulating SS7 commands.

SS7 Vulnerabilities Exposed in the 2010s

• Major SS7 vulnerabilities became public knowledge in the 2010s, with reports of hackers, nation-states, and surveillance companies exploiting the system for espionage.

• Researchers and cybersecurity firms demonstrated how hackers could intercept SMS messages (including two-factor authentication codes) and listen in on phone calls by exploiting SS7 weaknesses.

• The vulnerabilities in the SS7 (Signaling System 7) protocol were first brought to public attention in December 2014 by German researchers Tobias Engel and Karsten Nohl. They independently uncovered weaknesses in the protocol and later collaborated to present their findings. These vulnerabilities allowed for the interception of phone calls, text messages, and the tracking of phone locations on a global scale. These vulnerabilities were previewed in an interview with The Washington Post before presenting them at the Chaos Communication Congress (Wikipedia) in December 2014.

Present Day and Future of SS7

• As 5G networks continue to roll out, SS7 is being phased out (2G/3G) in favor of more modern protocols like Diameter for 4G and 5G networks. However, SS7 remains crucial for backward compatibility, meaning that vulnerabilities will continue to exist for some time.

• Many mobile carriers have implemented firewalls and monitoring tools to detect and block SS7 attacks, but these efforts are not consistent across all regions.

SS7’s development marks a significant evolution in global telecommunications, but its legacy is now intertwined with ongoing security challenges. Carriers and governments are now focusing on how to better secure signaling in the modern era while managing compatibility with existing infrastructure.

Sources on SS7 history:

• ITU-T standards documentation

• Research articles from cybersecurity firms such as FireEye and Positive Technologies

• Vertasium’s video on SS7 security vulnerabilities​ “Exposing The Flaw In Our Phone System“

Who & when were SS7 vulnerabilities discovered?

The vulnerabilities in the SS7 (Signaling System 7) protocol were first brought to public attention by German researchers Tobias Engel and Karsten Nohl. They independently uncovered weaknesses during 2014 in the protocol and later collaborated to present their findings publically. These vulnerabilities allowed for the interception of phone calls, text messages, and the tracking of phone locations on a global scale.

SS7 was originally designed to ensure smooth call transitions between cell towers, but due to weak security measures, these functions could be exploited for surveillance. Tobias Engel previewed his findings in an interview with The Washington Post (article) before presenting them at the Chaos Communication Congress (CCC) (Wikipedia) in December 2014 (YouTube talk “Tobias Engel: SS7: Locate. Track. Manipulate”).

Karsten Nohl, known for his work in breaking GSM encryption, also contributed to the research, highlighting how these flaws could bypass network encryption for malicious purposes. Tobias Engel also has been speaking about some of the SS7 vulnerabilities as far back as 2008 at the 25th Chaos Communication Congress (CCC) convention talk entitled “25c3: Locating Mobile Phones using SS7“.

Here is the replay of his reveal speech on the CCC on 29th December 2014 in Berlin, Germany delivered by Tobias Engel

Vulnerabilities in the telecommunications system, specifically in the Signaling System 7 (SS7) protocol, have been known since the 1980s. SS7 was developed in 1975 to handle the exchange of information between different telecommunications networks. However, as the internet and digital communication grew, so did public awareness of its vulnerabilities.

So we can see that these weaknesses have been around for a while but the entire software industry has been pushing out 2 Factor Authentication primarily using SMS or Phone Call options. For example Microsoft products still have Phone call option. Most websites only have SMS based 2 factor authentication. This is a huge concern as we enter hyper connected world.

Lets now learn all about the global telecommunication system.

Basic Aspects of Telecommunications Networks Worldwide

Telecommunications networks are complex systems that rely on various identifiers and protocols to manage devices, routes, and user accounts, facilitating seamless communication globally. Here are the basic aspects of telecommunications networks, including key elements like GTs, IMEI, and SIM numbers:

1. Global Title (GT)

• Purpose: Used in SS7 signaling to route messages across networks.

• Function: Translates to Point Codes for directing signaling messages to the correct destination (e.g., SMS delivery, call routing). This system ensures efficient communication between mobile networks across regions or countries.

2. IMEI (International Mobile Equipment Identity)

• Purpose: Unique identifier for mobile devices.

• Function: Helps identify and track devices on the network, allowing carriers to block stolen phones or manage device capabilities.

3. SIM Number (ICCID - Integrated Circuit Card Identifier)

• Purpose: Unique identifier for the SIM card itself.

• Function: Links the SIM card to a specific mobile account, containing details about the country, issuing network, and a unique identifier.

4. IMSI (International Mobile Subscriber Identity)

• Purpose: Unique identifier for mobile subscribers.

• Function: Used by networks to authenticate the subscriber and manage services.

5. MSISDN (Mobile Station International Subscriber Directory Number)

• Purpose: Phone number associated with the SIM card.

• Function: Used for dialing and routing calls to the subscriber’s device.

6. Network Elements

• Mobile Switching Center (MSC): Routes calls and messages, manages mobile services.

• Base Station Controller (BSC): Manages base stations, handles resource allocation for calls.

• Home Location Register (HLR): Database that stores subscriber information, including service profiles and current locations.

7. Protocols

Protocols for 2G (GSM) / 3G (UMTS):

• SS7 (Signaling System No. 7): A set of protocols used for signaling in telephone networks (2G/3G and backwards compatible in 4G/LTE/5G networks), enabling call setup, routing, and SMS delivery. Key protocols in SS7 are:

  • MTP (Message Transfer Part): MTP Level 1 & 2: Responsible for physical, data link, and error correction functions (similar to OSI layers 1 and 2). MTP Level 3: Provides network layer routing and message delivery between SS7 nodes. Delivers SMS signaling messages over the SS7 network for 2G and still used for 3G message routing and delivery.

  • SCCP (Signaling Connection Control Part): Adds additional routing capabilities to MTP, enabling services like global title translation (used for routing messages based on phone numbers). Supports connection-oriented and connectionless communication. Routes SMS messages over SS7 for 2G and still used in 3G for message routing and delivery.

  • TCAP (Transaction Capabilities Application Part): Manages the setup, control, and teardown of signaling transactions (e.g., queries for databases like HLR/VLR).

    Used for services such as mobile roaming, number portability, and SMS.

  • MAP (Mobile Application Part): Manages mobile-specific signaling for tasks such as location updates, authentication, roaming, and SMS. Frequently used in mobile networks (GSM, UMTS) for communication between core network elements like HLR, VLR, and MSC. Purpose: Facilitates communication between network elements in 2G/3G (like Home Location Register (HLR), Visitor Location Register (VLR), and Mobile Switching Center (MSC)). Functionality: Supports tasks like location updates, roaming, and SMS delivery.

  • ISUP (ISDN User Part): Manages call setup and teardown over SS7 for circuit-switched voice calls for 2G/3G. Handles the setup and teardown of voice and data calls over the public switched telephone network (PSTN). Facilitates call-related signaling for circuit-switched networks.

  • BSSAP (Base Station System Application Part):

    • Purpose: Operates in GSM to connect the Base Station Subsystem (BSS) with the core network (MSC).

    • Functionality: Handles signaling between the BSC and MSC for voice calls and SMS routing.

  • 3G Only: RANAP (Radio Access Network Application Part): Manages signaling between the Radio Network Controller (RNC) and core network for SMS and voice calls/services.

    • Purpose: Used in 3G networks for communication between the Radio Network Controller (RNC) and the core network.

    • Functionality: Manages radio access bearers, signaling for call setup, and mobility functions in 3G UMTS networks.

• GTP (GPRS Tunneling Protocol):

  • Purpose: Handles user data transmission in 3G networks and beyond.

  • Functionality: GTP-C manages control signaling for establishing sessions, while GTP-U encapsulates user data for transfer across the core network (e.g., between base stations and gateways).

• A-interface (GSM A-Interface Protocol):

  • Purpose: Connects the Base Station Controller (BSC) to the Mobile Switching Center (MSC) in 2G (GSM) networks.

  • Functionality: Manages voice call setup, handovers, and mobility between base stations.

Protocols for 4G/LTE:

• Diameter: Used for authentication, authorization, and accounting (AAA) between network elements. Replaces the older SS7 protocol used in 2G/3G for certain functions.

• SGsAP (SGs Application Part): Supports SMS over LTE, allowing SMS delivery even when the user is on an LTE-only network.

• IP-SM-GW (IP Short Message Gateway): Provides SMS transmission over IP-based networks (for 4G).

• VoLTE (Voice over LTE): Voice calls are transmitted over LTE’s IP-based network using the IMS (IP Multimedia Subsystem).

• SIP (Session Initiation Protocol): Manages call setup, control, and teardown in IMS-based voice calls.

• SRVCC (Single Radio Voice Call Continuity): Manages handovers of voice calls between LTE (packet-switched) and 2G/3G (circuit-switched) networks.

• GTP (GPRS Tunneling Protocol): The GTP-C (Control Plane) manages signaling for session establishment, mobility, and traffic forwarding. GTP-U (User Plane) is responsible for data encapsulation and user data transmission.

• S1-AP (S1 Application Protocol):

  • Purpose: Manages signaling between the LTE eNodeB (base station) and the core network (MME).

  • Functionality: Handles procedures such as session establishment, mobility management, and resource allocation in LTE.

• X2-AP (X2 Application Protocol):

  • Purpose: Facilitates communication between neighboring LTE eNodeBs (base stations).

  • Functionality: Manages tasks like handovers (when a user moves between base stations) and load balancing to optimize network performance.

• NAS (Non-Access Stratum):

  • Purpose: Manages communication between the user equipment (UE) and the core network for tasks not related to the radio access layer. Handles SMS signaling in LTE networks.

  • Functionality: Handles signaling for authentication, mobility, and session management, ensuring secure and smooth connectivity in the network.

Protocols for 5G:

• HTTP/2 (major revision of the HTTP (Hypertext Transfer Protocol)): Replaces Diameter for signaling in the 5G core network. It’s used for authentication, session management, and resource allocation in the 5G Core (5GC). Purpose: Used primarily for web-based services in 5G networks, enhancing web performance due to its multiplexing, header compression, and server push features. Usage: Ideal for applications requiring low latency and high throughput, such as video streaming and interactive applications.

  • HTTP/3 (Future Use): Purpose: An evolution of HTTP/2, based on QUIC (Quick UDP Internet Connections), which is designed to reduce latency further. Usage: May be utilized in future 5G applications for real-time communication and services, taking advantage of its lower latency and faster connection establishment.

  • IMS (IP Multimedia Subsystem): If available, 5G sends SMS via IMS using IP-based messaging protocols. Provides the framework for managing voice services over IP in 5G.

  • SMSF (SMS Function): A dedicated function in the 5G core for handling SMS.

  • VoNR (Voice over New Radio): 5G voice calls are managed entirely over the 5G NR air interface using IMS.

  • SIP (Session Initiation Protocol): Continues to manage call setup and teardown for 5G voice calls.

• NGAP (Next-Generation Application Protocol):

  • Purpose: Manages signaling between the 5G core network and the gNodeB (5G base station) and the Radio Access Network (RAN).

  • Functionality: Controls functions like session management, mobility, and resource allocation in 5G networks. Manages control plane signaling for establishing and maintaining connections and session management.

• SDAP (Service Data Adaptation Protocol):

  • Purpose: Ensures Quality of Service (QoS) for user data in 5G by mapping traffic to specific QoS levels.

  • Functionality: Adapts user data into the 5G air interface, helping prioritize different types of services (e.g., streaming vs. voice calls).

• NAS (Non-Access Stratum):

  • Purpose: Handles signaling between the user equipment (device) and the core network in 4G and 5G. Manages SMS signaling in 5G as it does in 4G.

  • Functionality: Manages processes like authentication, security, mobility, and session management.

• GTP (GPRS Tunneling Protocol):

  • Purpose: Encapsulates user data for transmission across networks in both 4G and 5G.

  • Functionality: GTP-C handles control signaling, while GTP-U transmits user data, facilitating data transfer between network nodes (e.g., base stations, gateways).

8. Standards

• 2G (2nd Generation): A second-generation mobile network standard that introduced digital voice transmission and text messaging (SMS). It marked the transition from analog to digital, improving call quality and enabling features like roaming and more efficient use of the radio spectrum.

• 3G (3rd Generation): Third-generation mobile communication technology that provided enhanced data rates and capabilities, enabling mobile internet access, video calling, and multimedia services. It introduced packet-switched data transmission, improving the overall efficiency of mobile data services.

• 4G(4th Generation): Fourth-generation mobile communication standard offering significantly faster data speeds and improved network capacity compared to its predecessors. It supports high-definition video streaming, online gaming, and other bandwidth-intensive applications, with LTE (Long-Term Evolution) as its most widely adopted variant.

• LTE (Long-Term Evolution): A standard for wireless broadband communication, facilitating high-speed data transmission. Another name for it is 4G. LTE enhances mobile internet connectivity with lower latency, increased capacity, and improved spectral efficiency, making it suitable for high-definition multimedia services.

• 5G (5th Generation): Fifth-generation mobile communication technology that revolutionizes wireless connectivity with ultra-fast data speeds, low latency, and massive device connectivity. It supports advanced applications like IoT (Internet of Things), autonomous vehicles, and augmented/virtual reality, enabling smart cities and enhanced user experiences. 5G is built on top of 4G and works along 4G protocols.

• 6G (6th Generation): Sixth-generation mobile communication technology that aims to revolutionize connectivity with ultra-high data speeds, expected to exceed 100 Gbps. It focuses on ultra-low latency, potentially as low as 1 millisecond, and will integrate advanced technologies such as AI, machine learning, and terahertz frequency bands. 6G is anticipated to support innovative applications like holographic communication, enhanced augmented reality (AR), and massive Internet of Things (IoT) deployments, enabling a more interconnected and intelligent world. Countries like China, the United States, South Korea, and Japan are investing heavily in research to develop 6G standards and technologies. Other countries are lagging in this.

9. Types of Networks

• Public Switched Telephone Network (PSTN): Traditional circuit-switched telephone network.

• Mobile Networks: Cellular networks that provide mobile communication services.

• VoIP (Voice over Internet Protocol): Technology that enables voice calls over the internet.

Why is the Global Telecommunications Network Vulnerable?

The telecommunications networks’ vulnerability stems from its complexity, interconnectivity, inconsistent security practices, and the high value of the data it manages. These factors create multiple avenues for potential threats, necessitating robust security measures and collaboration among providers to mitigate risks. The telecommunications industry is vulnerable due to several factors, especially given the presence of over 12,000 providers globally. Here are some key reasons:

1. Diverse Infrastructure

• Complexity: Many providers have different technologies, protocols, and systems, making integration and security challenging.

• Legacy Systems: Some networks still use outdated technology, which may have security vulnerabilities.

2. Interconnectivity

• Network Dependencies: Providers often rely on each other for services, creating multiple points of failure.

• Routing Vulnerabilities: Interconnected systems can be exploited to reroute traffic, leading to potential interception or data breaches.

3. Inconsistent Security Standards

• Varied Practices: Different providers may implement security measures inconsistently, leaving gaps that can be exploited.

• Regulatory Differences: Varying regulations across countries can lead to weaker protections in some regions.

4. High Target Value

• Data Richness: Telecom networks handle vast amounts of personal and financial data, making them attractive targets for cybercriminals.

• Service Disruption: Attacks on telecom infrastructure can disrupt services, causing significant economic impact.

5. Supply Chain Vulnerabilities

• Third-party Risks: Many telecom companies rely on third-party vendors for equipment and services, which can introduce vulnerabilities.

• Software Dependencies: Vulnerabilities in software used across networks can compromise entire systems.

6. Human Factors

• Insider Threats: Employees may inadvertently or intentionally compromise security through negligence or malicious actions.

• Social Engineering: Employees can be targeted through phishing or other tactics to gain access to sensitive information.

7. Rapid Technological Changes

• Innovation Pace: The fast evolution of technology can outstrip security measures, leaving systems exposed.

• IoT Integration: The rise of IoT devices adds more entry points and complexity, increasing the attack surface.

But what about the risks to small businesses?

Why Are Small Businesses at Risk?

While large enterprises may have the resources to implement advanced security solutions, small businesses often lack the dedicated IT teams and budgets to stay ahead of evolving threats.

However, they are just as reliant on mobile communication, making them equally susceptible to SS7 and other signaling protocol attacks. Additionally, small businesses may assume that cybercriminals won’t target them, which can lead to complacency.

Small businesses face significant cybersecurity risks due to various factors, despite being critical players in the economy. Here’s a detailed look at why they are particularly vulnerable:

1. Limited Resources

• Budget Constraints: Small businesses often operate with tight budgets, which can restrict their ability to invest in advanced cybersecurity solutions and tools.

• Lack of Dedicated IT Teams: Many small businesses don’t have full-time IT staff. This limits their capacity to monitor, manage, and respond to security threats effectively.

2. Dependence on Mobile Communication

• Reliance on Telecommunications: Small businesses use mobile communication for operations, customer interactions, and transactions, making them reliant on the same signaling protocols that larger enterprises use.

• Vulnerability to SS7 Attacks: Just like larger organizations, small businesses can be targeted through vulnerabilities in SS7 and other signaling protocols, potentially leading to data breaches or service disruptions.

3. Assumptions About Targeting

• Complacency: Many small business owners mistakenly believe they are not significant enough to attract cybercriminals, leading to a false sense of security.

• Underestimating Threats: Small businesses often overlook the fact that cybercriminals frequently target smaller entities, viewing them as easier targets with less robust defenses.

4. Lack of Awareness and Training

• Insufficient Cybersecurity Training: Employees in small businesses may not receive adequate training on cybersecurity best practices, making them more susceptible to phishing and social engineering attacks.

• Ignorance of Risks: Without proper awareness, staff might engage in risky behaviors, such as using weak passwords or ignoring software updates.

5. Inadequate Security Measures

• Basic Security Solutions: Small businesses may only implement basic security measures, such as antivirus software, which may not be sufficient against sophisticated threats.

• Failure to Conduct Risk Assessments: Many small businesses do not regularly evaluate their cybersecurity posture or conduct risk assessments, leaving them unaware of vulnerabilities.

6. Third-party Dependencies

• Vendor Risks: Small businesses often rely on third-party vendors for software and services. If these vendors lack strong security practices, it can expose the small business to potential attacks.

• Supply Chain Vulnerabilities: An attack on a third-party provider can lead to cascading effects, impacting the small business indirectly.

7. Regulatory Compliance Challenges

• Complex Regulations: Small businesses may struggle to understand and comply with relevant cybersecurity regulations, exposing them to legal risks.

• Resource Constraints for Compliance: Meeting compliance requirements often demands resources and expertise that small businesses may lack.

Small businesses are at risk due to their limited resources, reliance on mobile communication, complacency about cyber threats, and inadequate security measures. To mitigate these risks, small businesses should prioritize cybersecurity awareness, invest in appropriate solutions, and regularly assess their security posture. By understanding their vulnerabilities and taking proactive measures, they can enhance their defenses against evolving threats.

How SS7 Attacks Work?

SS7 (Signaling System No. 7) attacks exploit vulnerabilities in the telecommunications signaling system that governs how mobile networks communicate. Here’s an in-depth look at how these attacks are executed and their implications:

1. Accessing the SS7 Network

• Unauthorized Access: Hackers often gain access to the SS7 network through compromised telecom infrastructure or by exploiting weak security practices in telecom companies. Since SS7 was designed in a more trusting era, it lacks robust authentication mechanisms.

• Interconnectedness: The global nature of telecom networks means that once a hacker breaches one network, they may have a pathway to access others, facilitating widespread attacks.

2. Call Interception

• Listening In: Once hackers are inside the SS7 network, they can intercept calls. This is typically done by routing the call through their own device, allowing them to listen in without the user being aware.

• No Trace Left: The nature of SS7 allows for this interception to occur without alerting the user or the telecom provider, making it particularly stealthy.

3. SMS Interception

• Reading Texts: Hackers can intercept SMS messages, enabling them to read sensitive texts intended for the target. This includes personal messages, verification codes, or any other communication.

• Potential Consequences: Intercepted texts can lead to unauthorized access to accounts, as many systems still use SMS as a verification method.

4. Location Tracking

• Pinpointing Location: By exploiting SS7 vulnerabilities, hackers can access a user’s location data in real time. This allows them to track the movements of individuals or assets.

• Privacy Risks: This can lead to significant privacy violations and is particularly concerning for high-profile individuals or those in sensitive situations.

5. SIM Swapping

• Transferring Phone Numbers: In a SIM swapping attack, a hacker can convince a telecom provider to transfer a target’s phone number to a new SIM card controlled by the hacker. This often involves social engineering techniques, such as impersonating the target.

• Gaining Control: Once the phone number is on the hacker’s SIM, they can receive calls, texts, and two-factor authentication (2FA) codes, effectively taking control of the target’s accounts.

How SS7 Attacks Typically Occur

Here’s a simple breakdown of how SS7 attacks typically occur in sequence:

1. Accessing the SS7 Network: Hackers gain unauthorized access to the SS7 network, which isn’t as difficult as it sounds, due to the interconnectedness of global telecom networks.

2. Intercepting Calls or SMS: Once inside, they can monitor voice calls, SMS messages, and even location data in real time.

3. Hijacking 2FA Codes: By intercepting SMS-based 2FA messages, they can access email accounts, banking systems, or corporate networks, effectively bypassing this critical security measure.

SS7 attacks exploit inherent vulnerabilities in the telecommunications signaling system, allowing hackers to intercept calls and SMS, track locations, and execute SIM swapping.

The interconnected nature of global telecom networks makes unauthorized access easier, resulting in serious security implications for users and businesses. Understanding these vulnerabilities is crucial for both telecom providers and users to bolster defenses against such attacks.

How difficult are SS7 exploits to undertake?

SS7 exploits are difficult to perform but not impossible, especially for attackers with enough resources and access to telecommunications networks. Here’s an overview of the complexity involved:

1. High-Level Access

• SS7 exploits require direct access to the global telecommunications network, which is not easily attainable. Only telecommunications companies, or those with special access to these systems (through hacking, insider help, or buying access on black markets), can directly interact with SS7.

• Difficulty: Gaining access to SS7 networks is not something a casual hacker can do. It typically requires significant resources, advanced knowledge, or insider assistance.

2. Specialized Knowledge

• An attacker would need detailed technical knowledge of SS7 protocols and how mobile networks handle communication.

• This kind of knowledge is not easily accessible to the average hacker. While some vulnerabilities are well-documented, practical knowledge of how to exploit them takes years of specialized training or collaboration with other experts.

3. Resources

• Conducting SS7 attacks often involves expensive equipment and considerable financial resources. Tools to intercept SS7 traffic and inject commands into networks are specialized and costly.

• Governments, large criminal organizations, and well-funded actors typically have the resources to mount such an attack.

4. Stealth & Detection

• SS7 attacks must often be conducted stealthily to avoid detection by the telecom company or the user. This adds another layer of complexity, as security teams at mobile carriers can detect unusual traffic or activity in SS7 protocols.

5. Success Rate

• Even with access and resources, an attacker’s success is not guaranteed. Mobile carriers constantly update their security measures, and the global push toward securing telecom systems means the window for SS7 vulnerabilities is closing.

• Targeting: SS7 attacks are generally reserved for high-value targets (e.g., politicians, business executives) rather than the average person.

SS7 exploits are complex, costly, and generally out of reach for everyday hackers. However, they remain a threat from sophisticated actors such as nation-states or highly organized cybercrime syndicates. Because of the high level of difficulty, SS7 vulnerabilities are more of a concern for high-profile individuals rather than regular users. Nonetheless, it’s a good practice to avoid SMS-based 2FA due to the potential for such attacks.

Let’s now learn how to mitigate the threats to small business.

SS7 Mitigation Strategies for Small Business

• Multi-Factor Authentication (MFA): Enable MFA on your mobile account. This adds an extra layer of security, making it harder for hackers to access your account even if they compromise your password.

• Change to strong passwords: Change your passwords regularly, using strong combinations of letters, numbers, and symbols. Avoid using easily guessable information. I would say regular changes to those passwords is necessary for weak services and websites with poor cybersecurity practices. For sites with multi factor authentication (multiple forms of authentication other than password) it’s probably not necessary to change passwords too often. As regards Passkey technology being pushed by some top corporations - this technology is in early state and can be a bit fiddly - so I would suggest small business wait till everyone embraces it. Passkeys are like IPv6 - not used widely yet but it would mean never remembering passwords as there would be non.

• Beware of Phishing Attempts: Be cautious of suspicious emails, texts, or calls asking for personal information. Never click on links or download attachments from unknown sources.

• Limit Personal Information Sharing: Avoid sharing sensitive information like your full address, date of birth, or social security number over the phone or online, especially with unfamiliar individuals or organizations.

• Use Secure Messaging Apps: For sensitive communication, consider using encrypted messaging apps like WhatsApp, Signal, or Telegram (Although after recent revelations on Telegram I would be cautious in using it as Telegram I’m told has vulnerabilities or back doors for state actors - not really sure - investigate the allegations yourself as its a developing story).

• Monitor Your Account Activity: Regularly check your mobile account statements for any unusual activity, such as unauthorized calls or data usage. Report any suspicious activity to your mobile carrier immediately.

• Choose a Reputable Carrier: Select a mobile carrier with a strong security reputation and that takes proactive measures to protect its customers from SS7 attacks. I made a large list of reputable mobile carriers worldwide to help you make decisions - go to heading “Partner with a Reputable Mobile Carrier (Large List of Countries)“

Key ways to defend against SS7 attacks

While small businesses may not be able to control the weaknesses of SS7 directly, there are several steps you can take to mitigate risks and protect your operations.

1. Switch from SMS-Based 2FA to App-Based Authentication

• Problem: SS7 attacks can intercept SMS messages, making SMS-based two-factor authentication (2FA) vulnerable.

• Solution: Use app-based 2FA solutions like Google Authenticator, Authy, or Microsoft Authenticator. These apps generate time-based one-time passcodes (TOTP) that are not sent over the network, thus removing the risk of interception. Setup everything like that and remove SMS as a recovery option.

  • BUT CAUTION IS ADVISED: While removing SMS as a recovery option, ensure you have multiple backup methods to regain access if needed. Eliminating SMS as a recovery option is a crucial step in defending against SS7 attacks. By switching to app-based authentication, implementing robust backup recovery options, educating users, and continuously monitoring security, small businesses can significantly enhance their security posture. Careful planning and execution are key to ensuring a smooth transition while maintaining access to critical accounts. Here is suggestion actions:

    • Backup or Recovery Codes: Generate a set of backup codes when setting up 2FA. Store these codes securely offline. Microsoft and Google accounts under Security Tab then under the section for 2 Factor either generate 10 codes or one recovery code.

    • Email Recovery: Use a secure email address with strong security measures for recovery, but ensure it’s also protected with 2FA that doesn’t use SMS or Phone call verification. Minimize access to the recovery email to prevent it from being compromised.

    • Authenticator App Backup setting: Some apps allow you to backup your settings to a secure cloud service. Both Google Authenticator and Microsoft Authenticator have cloud backup into selected accounts. Turn that on in the app.

    • Get Hardware Security Keys or Tokens (YubiKey, Google Titan, etc.): Provides top-tier security because it requires physical access to a token for authentication. Hardware tokens aren’t vulnerable to SS7 or 5G vulnerabilities. Less convenient than SMS or authentication apps since you need to carry the token with you. If lost, the hardware token can lock you out unless you have backups or alternative methods so I suggest this option should be a backup and keep it in a safe place in case you lose your phone or computer and need to get back in.

      • Suggestions on products as at 2024:

        • YubiKey 5 Series (Best choice - Overall security and versatility)

        • Google Titan Security Key (only available in some countries)

        • Feitian ePass K9 (Budget-friendly, multi-protocol support.)

        • SoloKeys USB-C/NFC (for Open-source enthusiasts)

        • Thetis FIDO U2F Security Key (Affordable, basic security needs)

2. Encourage the Use of Encrypted Communication Apps

• Problem: SS7 exploits can allow hackers to eavesdrop on voice calls and messages.

• Solution: Encourage your employees to use encrypted communication apps such as WhatsApp, Signal, or Telegram, which offer end-to-end encryption, making intercepted data unreadable. Especially when sharing passwords, sensitive information like banking and other sensitive details.

3. Secure Your Business Phones with Strong Encryption

• Problem: Even if the SS7 network is compromised, strong encryption on the device can prevent hackers from accessing sensitive data.

• Solution: Ensure that all business phones are encrypted. Both Android and iOS devices offer built-in encryption, which should be enabled as part of standard device setup.

4. Use Virtual Private Networks (VPNs) for Remote Work

• Problem: Unsecured networks (like public Wi-Fi) expose mobile devices to a variety of cyberattacks.

• Solution:

  • A Virtual Private Network (VPN) can encrypt your internet traffic, making it more difficult for hackers to intercept your data. Ensure that employees use a VPN whenever they access company systems remotely. This encrypts all traffic between the device and the internet, offering an additional layer of security.

  • Avoid using public Wi-Fi networks for sensitive activities like online banking or shopping, as they may be less secure.

5. Implement Multi-Layered Security Policies

• Problem: Relying on just one layer of security (like 2FA) is not enough when faced with sophisticated attacks.

• Solution: Deploy a multi-layered approach to security that includes:

  • Strong, unique passwords for each system.

  • Regular employee training on phishing and social engineering attacks.

  • Network firewalls and intrusion detection systems (IDS).

6. Monitor and Audit Mobile Security Regularly

• Problem: New vulnerabilities and attack methods emerge all the time.

• Solution: Regularly audit your mobile and network security. Consider hiring a cybersecurity expert or consulting firm to conduct penetration testing and identify potential vulnerabilities in your system. Cyberkite offers bimonthly, quarterly, 6 monthly and yearly cybersecurity’s checks for small businesses in Australia. Learn more on that: cyberkite.com.au/cybersecurity

7. Educate Employees and Users

• Awareness Training: Conduct regular training sessions on the importance of security practices, including recognizing phishing attempts and understanding the risks associated with SMS.

• Clear Instructions: Provide clear guidance on how to set up app-based authentication and backup recovery options if they require staff to setup themselves to make sure incorrect authentication options aren’t set.

8. Monitor Account Activity

• Real-Time Alerts: Set up real-time notifications for any suspicious account activity, such as login attempts from unrecognized devices or locations.

• Regular Account Checks: Encourage users to regularly check their account activity for unauthorized actions.

9. Keep Your Software Updated

• Problem: Devices and applications may not be up to date and have much weaker security protections.

• Solution: Ensure your mobile device’s operating system and apps are always up-to-date with the latest security patches.

While SS7 vulnerabilities remain a challenge, by following these guidelines, you can significantly reduce your risk of falling victim to attacks and protect your personal information.

Some additional questions arise.

Q: Does adding +XXX country codes by user help defend against SS7 threats?

As a phone user: Using + country codes (+61 ) for phone numbers alone does not prevent or mitigate SS7 vulnerabilities. While dialing with the international format (including the +country code) ensures that numbers are routed correctly, it does not address the inherent security weaknesses in the SS7 protocol itself.

The vulnerabilities in SS7 arise from the way signaling messages are handled, especially for tasks like call setup, SMS routing, and inter-network roaming. Attackers can intercept or manipulate these messages due to a lack of encryption and authentication in the protocol.

To defend against SS7 vulnerabilities, use of complete phone numbers with country code (+XXX) (instead of just local non country codes numbers) needs to be enforced at the carrier level. This could include:

• Encryption and authentication of signaling messages

• Monitoring SS7 traffic for suspicious patterns (e.g., unexpected message routing)

• Implementing firewalls specifically designed for SS7 traffic

• Transitioning to newer protocols like Diameter (for 4G/5G), though even these have vulnerabilities that need to be properly managed. Idea? Perhaps eliminating 2G/3G networks with weaker protocols from the carriers network which is happening in some countries like Australia but very cautiously to avoid outages to devices that rely on 2G/3G networks.

The solution needs to come from the carriers with robust security measures on their networks, not through customer dialing habits. In summary, as a user, adding country codes helps with routing but does not protect against SS7 vulnerabilities, which require infrastructure-level defenses from telecom operators.

Q: Is getting rid of 2G/3G in a country going to stop SS7 threats?

Switching off 2G or 3G networks can reduce the risk of SS7 (Signaling System 7) vulnerabilities, but it won’t completely eliminate them. Here’s why:

• SS7 vulnerabilities primarily affect older networks: 2G and 3G networks rely on SS7 for signaling and inter-network communication. These networks are more vulnerable to SS7-based attacks, which can allow attackers to intercept calls, track location, or eavesdrop on conversations. Many third world countries still rely and will rely on 2G/3G networks for years to come and uptake of low cost 4G mobile phones for users will take considerable time.

• Modern networks use different protocols: 4G (LTE) and 5G networks use newer signaling protocols, such as Diameter, SIP, HTTP/2 and GTP, which have stronger security mechanisms. However, SS7 is still used for backward compatibility, meaning that some vulnerability remains as long as the network interacts with older systems and older networks.

• What happens after shutting down 2G/3G:

  • If a network still has fall back to 3G if low signal: By shutting off 2G or 3G networks, a country can reduce the attack surface for SS7-related threats. This forces users onto 4G and 5G networks, which are more secure. However, if any fallback or interconnection to SS7 is still in place (for roaming or legacy devices), some risks could persist.

  • Inoperative Devices after switchover: The other issue of phasing out 2G/3G is so many devices are hard wired to work on 2G or 3G devices so some backwards compatibility for the related protocols may have to remain or politicians may face backlash from the public as per the developing story in Australia about their plans to phase out 3G.

Q: What’s the impact of getting rid of 3G network?

For example, in 2024 in Australia as telecoms get ready to switch off 3G here are the device types that will be affected. Telecom companies are working to provide $0 or low cost replacement phones and help address other devices but the list is big so this may be a costly and painful switch over:

1. Older smartphones and feature phones: Devices released before around 2015 are likely to only support 2G or 3G networks. These devices will no longer be able to connect to the internet or make calls once 3G is switched off.

2. IoT devices: Many Internet of Things (IoT) devices, such as smart home gadgets, wearables, and automotive systems, rely on 3G networks for connectivity. These devices may become inoperable or have limited functionality without 3G.

3. Fallback connections for ATMs: Some ATMs may use 3G or 4G networks as a backup or secondary communication channel. If the primary network fails, the ATM might rely on 3G as a fallback. In such cases, a 3G shutdown could temporarily affect the ATM’s functionality. Also remote monitoring and management may use 3G in ATMs.

4. Emergency services: Some emergency services, especially in rural areas, may rely on 3G networks for communication. A shutdown could potentially disrupt their operations.

5. Rural and remote areas: Areas with limited 4G or 5G coverage may rely heavily on 3G. Residents in these areas could experience disruptions to their communication services.

6. Medical devices: Some medical devices, such as remote patient monitoring systems or telemedicine equipment, may rely on 3G for connectivity. A shutdown could disrupt their functionality.

7. Industrial devices: Certain industrial devices, such as remote sensors or control systems, may use 3G for communication. These devices could be affected by a shutdown.

8. Transportation systems: Some transportation systems, such as public buses or trains, may use 3G for communication between vehicles and control centers. A shutdown could potentially disrupt operations.

9. Security systems: Some security systems, such as home alarm systems or surveillance cameras, may use 3G for connectivity. A shutdown could affect their functionality.

10. There may be other devices.

Advice for Australians and other nations when 2G or 3G is planned for switch off:

• ATMA 3G Closure website

• ACMA 3G Network switch off website

• Aus Gov 3G network switch off website

Then, is it possible to eliminate 2G/3G Worldwide?

Eliminating all 2G/3G networks worldwide would significantly reduce SS7 vulnerabilities, but achieving this globally, especially in developing (third world) countries, presents challenges. Here’s a breakdown of the feasibility:

Benefits:

• Reduced SS7 vulnerabilities: SS7 is mainly used in 2G/3G networks, so eliminating these older generations would reduce the risk of call interception, location tracking, and eavesdropping via SS7 attacks.

• Enhanced security: With a global shift to 4G (LTE) and 5G, which use more secure protocols (Diameter for 4G, and SBA for 5G), the overall security of mobile communication would improve.

• More efficient spectrum use: Shutting down legacy networks frees up spectrum that can be reused for more advanced, efficient technologies like 4G and 5G.

Challenges:

• Infrastructure cost: Many developing countries still rely heavily on 2G and 3G networks due to the affordability of the infrastructure and the lower cost of compatible mobile phones. The transition to 4G/5G networks requires significant investment in infrastructure, including towers, base stations, and spectrum allocation, which may not be economically feasible for these countries in the short term.

• Device affordability: Many people in developing regions use older, more affordable mobile phones that only support 2G or 3G. Transitioning to 4G or 5G requires compatible devices, which may be out of reach for low-income populations. Without affordable 4G/5G devices, users in these areas could be left without access to communication.

• Coverage gaps: Even in developed countries, 2G/3G networks are often used to provide basic coverage in rural or remote areas where 4G/5G deployment is less practical. In many developing countries, these networks provide essential connectivity in areas with poor infrastructure.

• Roaming and compatibility: Some global communication still relies on 2G/3G for roaming, especially when users travel from countries with advanced networks to those with less developed infrastructure.

Possible Solutions

• Technically possible but costly: Eliminating 2G/3G worldwide is technically possible, but it requires significant investment, especially in developing countries. Governments, telecom companies, and international organizations would need to collaborate to provide affordable devices, upgrade infrastructure, and ensure widespread coverage.

• Gradual phase-out: Some developing countries are already phasing out 2G or 3G in favor of 4G, and in rare cases, 5G. However, this process is slow due to the economic and infrastructural challenges. A complete global phase-out may take years, if not decades.

• Subsidizing 4G/5G devices: To make the transition feasible, governments or international organizations could provide subsidies for affordable 4G/5G-compatible devices to low-income populations.

• Infrastructure funding: International cooperation, such as through World Bank projects or private-public partnerships, could help fund the necessary infrastructure upgrades in developing countries.

• Phased approach: Instead of an immediate shutdown, a gradual phase-out of 2G/3G networks in less developed regions could allow for a smoother transition, with attention to rural and underserved populations.

Ultimately a more secure phone and message 4G/5G network will take time to convert the world to. In meantime mobile carriers and users need to take the suggested precautions I have mentioned in this blog. Lets see below any additional threats to 4G and 5G networks.

Defending Against Other Mobile Protocol Attacks for 4G/LTE/5G/6G

In both 4G (LTE) and 5G networks, certain protocols are susceptible to cyber threats and vulnerabilities, particularly in the context of signaling, authentication, data transmission, and mobility management. These vulnerabilities can expose networks to attacks like denial of service (DoS), eavesdropping, and impersonation. While SS7 is a well-known vulnerability, there are other mobile protocol attacks small businesses should be aware of:

Common Threats and Defenses in both 4G/5G Protocols:

• Man-in-the-Middle (MITM) Attacks: Certain signaling protocols (e.g., NAS, GTP) can be exploited for intercepting or tampering with traffic if authentication/encryption mechanisms are weak.

• Denial of Service (DoS) Attacks: Flooding attacks on GTP, S1-AP, and X2-AP can overload the network infrastructure, causing service degradation or downtime.

• Downgrade Attacks: Attackers force devices to connect to older, less secure generations (like 2G/3G) that are easier to compromise.

• Eavesdropping: Exploiting poorly encrypted signaling and user data channels can allow attackers to intercept user traffic.

• Replay Attacks: Re-sending previously captured messages to manipulate user sessions or impersonate legitimate users.

4G/LTE Based Attacks Defenses:

Though 4G improved security compared to earlier generations (2G/3G), several protocols still have vulnerabilities.

• Diameter Attacks: As telecom companies upgrade to 4G/LTE and 5G, Diameter protocols (the successor to SS7) are becoming the new target. Vulnerabilities: These attacks can lead to similar exploits such as intercepting messages and bypassing security controls. Susceptible to replay attacks, where previously sent messages are maliciously re-transmitted. Man-in-the-middle (MITM) attacks and impersonation due to weaknesses in how authentication messages are handled between network elements. Exploitable by attackers to bypass authentication, intercept user data, or conduct billing fraud.

  • Defense for carriers: Ensure your mobile service provider is aware of Diameter protocol vulnerabilities and is actively working to secure them.

    • End-to-End Encryption: Implement strong encryption methods (e.g., TLS) for Diameter messages to protect data in transit and prevent interception.

    • Strong Authentication: Use robust authentication mechanisms, such as digital certificates and mutual authentication, to verify the identity of both the sender and receiver.

    • Message Integrity Checks: Apply cryptographic checksums or message integrity codes to Diameter messages to detect any unauthorized alterations during transmission.

    • Replay Protection Mechanisms: Incorporate sequence numbers or timestamps in Diameter messages to prevent replay attacks and ensure message freshness.

    • Access Control Lists (ACLs): Enforce strict ACLs to limit which network elements can communicate via Diameter, reducing exposure to potential attacks.

    • Intrusion Detection Systems (IDS): Deploy IDS to monitor Diameter traffic for suspicious activity and generate alerts for potential security incidents.

    • Regular Security Audits: Conduct periodic audits and assessments of Diameter configurations and implementations to identify vulnerabilities and ensure adherence to security best practices.

    • Security Policy Development: Establish comprehensive security policies specific to Diameter protocols, outlining acceptable usage, access controls, and incident response procedures.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• SIP (Session Initiation Protocol) Attacks: SIP is used to initiate and terminate voice over IP (VoIP) communications. Attackers can exploit poorly secured SIP setups to eavesdrop on calls or launch denial-of-service (DoS) attacks.

  • Defense for service providers: Secure SIP communications using encryption protocols like TLS (Transport Layer Security) and SRTP (Secure Real-Time Transport Protocol).

    • Encryption: Utilize Secure SIP (SIPS) with Transport Layer Security (TLS) to encrypt SIP signaling messages, protecting against eavesdropping.

    • Strong Authentication: Implement robust authentication methods (e.g., digest authentication) for SIP accounts to prevent unauthorized access and spoofing.

    • Firewalls: Deploy SIP-aware firewalls to filter SIP traffic, detect malicious activities, and protect against DoS attacks.

    • Rate Limiting: Apply rate limiting on SIP requests to prevent flooding and mitigate the risk of DoS attacks.

    • Network Segmentation: Isolate VoIP traffic from other network traffic to enhance security and minimize the impact of potential attacks.

    • Regular Security Audits: Conduct periodic audits of SIP configurations and security settings to identify vulnerabilities and ensure best practices are followed.

    • Intrusion Detection and Prevention Systems (IDPS): Use IDPS to monitor SIP traffic for unusual patterns and automatically respond to potential threats.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• S1-AP (S1 Application Protocol): Vulnerabilities: Susceptible to flooding attacks and session establishment attacks, leading to service degradation. Attackers can send large volumes of signaling messages, overwhelming the network infrastructure and causing outages or service disruptions.

• Defense for carriers:

  • Rate Limiting: Implement rate limiting on signaling messages to prevent flooding and reduce the impact of attacks.

  • Anomaly Detection: Utilize anomaly detection systems to identify and mitigate abnormal signaling traffic patterns indicative of flooding attacks.

  • Firewalls and Intrusion Prevention Systems (IPS): Deploy robust firewalls and IPS to filter out malicious signaling traffic and protect network elements.

  • Authentication and Encryption: Enforce strong authentication mechanisms and encryption protocols to secure signaling messages, reducing the risk of unauthorized access.

  • Network Segmentation: Implement network segmentation to isolate critical network components, minimizing the impact of potential attacks on the overall infrastructure.

  • Regular Security Audits: Conduct periodic security audits and penetration testing to identify and address vulnerabilities in the network infrastructure.

• Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• X2-AP (X2 Application Protocol): Vulnerabilities: Exposed to signaling storms and DoS attacks, particularly during handovers between eNodeBs (base stations). Attackers can exploit handover processes to create signaling overloads, causing interruptions in connectivity.

• Defense for carriers:

  • Load Balancing: Implement load balancing mechanisms across eNodeBs to distribute traffic evenly and mitigate the risk of signaling storms during handovers.

  • Handover Optimization: Optimize the handover process by using predictive algorithms to reduce the frequency of handovers and limit unnecessary signaling.

  • Rate Limiting: Apply rate limiting to signaling messages to prevent overload conditions and ensure that the network can handle legitimate traffic effectively.

  • Anomaly Detection Systems: Deploy systems to monitor and detect unusual signaling patterns, enabling rapid response to potential attacks or overload situations.

  • Redundancy and Failover Mechanisms: Implement redundant pathways and failover mechanisms within the network to maintain connectivity during peak signaling conditions or potential attacks.

  • Security Policies and Access Control: Enforce strict security policies and access controls to limit who can initiate handover processes and prevent unauthorized signaling attempts.

• Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• GTP (GPRS Tunneling Protocol): Still used in 5G for tunneling data between network nodes. Vulnerabilities: Session hijacking, DoS attacks, and traffic redirection are still concerns due to GTP weaknesses in the control and user plane. Exploitable to disrupt user sessions, intercept data, or overload network nodes by exploiting session management weaknesses.

  • Defense for carriers:

    • Encryption: Implement strong encryption protocols (e.g., IPsec) for GTP tunnels to protect data in transit and safeguard against interception.

    • Authentication Mechanisms: Enforce robust authentication methods for session initiation and management to prevent unauthorized access and session hijacking.

    • Access Control Lists (ACLs): Utilize ACLs to restrict GTP traffic and ensure that only legitimate and authorized nodes can participate in the tunneling process.

    • Traffic Monitoring and Anomaly Detection: Deploy systems to continuously monitor GTP traffic for unusual patterns or behaviors, enabling quick identification and response to potential attacks.

    • Session Management Controls: Enhance session management processes to include timeout mechanisms and periodic re-authentication to limit the duration of sessions and reduce hijacking risk.

    • Network Segmentation: Segregate GTP traffic from other network functions to contain potential breaches and limit the impact of attacks.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• NAS (Non-Access Stratum): NAS is still used in 5G for signaling between the User Equipment (UE) and the core network. Vulnerabilities: Downgrade attacks: In mixed environments (non-standalone 5G), attackers can force a device to connect to less secure 4G or even 2G networks, exposing communications to eavesdropping or interception. Replay attacks and impersonation remain a risk, especially in edge cases of transitioning between 4G and 5G networks. Allows attackers to downgrade devices to insecure connections, making it easier to exploit older vulnerabilities or intercept user traffic.

  • Defense for carriers:

    • Secure Authentication: Implement strong authentication protocols, such as 5G Authentication and Key Agreement (5G-AKA), to validate user identity and prevent unauthorized access.

    • Encryption: Utilize robust encryption for NAS signaling messages to protect against eavesdropping and interception during transmission.

    • Integrity Protection: Ensure that all NAS messages are integrity-protected to detect any tampering or replay attacks on the signaling data.

    • Network Detection: Use network detection mechanisms to identify and block downgrade attempts, ensuring devices maintain connections with the most secure available network.

    • Dynamic Configuration: Allow user equipment (UE) to dynamically adapt and select the most secure network type based on current conditions and security assessments.

    • Regular Security Updates: Maintain up-to-date security protocols and implement regular updates to address vulnerabilities and improve overall system resilience.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

5G Based Attacks Defenses

5G has introduced new security features to mitigate these vulnerabilities, such as: Stronger encryption for both signaling and data. Mutual authentication between the user equipment and the network. Enhanced privacy features to protect user identities from being easily tracked or intercepted. Standalone architecture (SA) reduces the attack surface by relying solely on 5G core protocols rather than legacy LTE infrastructure.

While 5G has introduced several security improvements, especially in the standalone (SA) architecture, it is still vulnerable to some of the same threats as 4G due to shared protocols and the complexity of new technologies. 5G is still evolving, early deployments (especially non-standalone 5G) are more vulnerable to inherited weaknesses from 4G LTE.

• HTTP/2 Attacks (in 5G core): HTTP/2 replaces the Diameter protocol in 5G for control plane signaling. Vulnerabilities: HTTP/2 amplification attacks and vulnerabilities related to header compression could be exploited to overload network elements. MITM attacks can occur if encryption is not implemented or configured properly. Attackers could exploit vulnerabilities in HTTP/2 to overload network functions, causing degradation in service quality or availability.

  • Defense by carriers: To defend against HTTP/2 vulnerabilities in 5G core networks, several strategies can be employed.

    • Rate limiting controls user requests, mitigating amplification attacks, while strong encryption (e.g., TLS 1.3) prevents Man-in-the-Middle (MITM) attacks.

    • Ensuring input validation and effective connection management helps block malicious payloads and reduce overload risks.

    • Implementing robust monitoring and logging systems allows for quick detection of unusual traffic patterns, and network segmentation can isolate critical components to contain breaches.

    • Regular security updates, along with Intrusion Detection and Prevention Systems (IDPS) and Web Application Firewalls (WAFs), enhance protection.

    • Conducting security audits ensures ongoing vigilance against potential vulnerabilities.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• NGAP (Next-Generation Application Protocol): Vulnerabilities: As a new protocol for signaling between the 5G core and the gNodeB, NGAP may have early-stage vulnerabilities like signaling manipulation and denial of service (DoS). Attackers may exploit the NGAP interface to manipulate call setup, session establishment, or mobility management processes.

  • Defense for carriers:

    • Secure Authentication: Implement robust authentication mechanisms to ensure that only authorized entities can access the NGAP interface, reducing the risk of signaling manipulation.

    • Encryption: Utilize strong encryption protocols to protect NGAP messages during transmission, preventing attackers from intercepting or tampering with signaling data.

    • Rate Limiting: Apply rate limiting on NGAP messages to mitigate the risk of denial-of-service (DoS) attacks by restricting the number of requests from a single source.

    • Traffic Monitoring: Employ advanced monitoring tools to analyze NGAP traffic for unusual patterns or anomalies, allowing for quick detection of potential attacks.

    • Intrusion Detection Systems (IDS): Deploy IDS to monitor and alert on suspicious activities related to NGAP signaling, providing real-time protection against manipulation attempts.

    • Regular Updates and Patching: Continuously update and patch network components involved in NGAP to address vulnerabilities as they are identified.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• GTP (GPRS Tunneling Protocol): Still used in 5G for tunneling data between network nodes. Vulnerabilities: Session hijacking, DoS attacks, and traffic redirection are still concerns due to GTP weaknesses in the control and user plane. Exploitable to disrupt user sessions, intercept data, or overload network nodes by exploiting session management weaknesses.

  • Defences for carriers: To defend against vulnerabilities associated with the GPRS Tunneling Protocol (GTP) in 5G networks, carriers can implement several key strategies:

    • Authentication and Encryption: Ensure robust authentication mechanisms for all nodes communicating via GTP, coupled with strong encryption to protect data in transit, mitigating the risk of session hijacking and data interception.

    • GTP Traffic Filtering: Deploy firewalls and intrusion prevention systems (IPS) that can specifically identify and filter GTP traffic, blocking malicious attempts to exploit GTP vulnerabilities.

    • Rate Limiting and Throttling: Implement rate limiting and throttling on GTP sessions to help prevent denial-of-service (DoS) attacks by controlling the volume of traffic from individual sources.

    • Session Management Enhancements: Strengthen session management protocols to make it harder for attackers to hijack or manipulate sessions, such as implementing robust token validation.

    • Monitoring and Anomaly Detection: Use advanced monitoring tools to analyze GTP traffic for anomalies or unusual patterns that could indicate exploitation attempts, enabling quick response to potential threats.

    • Network Segmentation: Segment the network to isolate critical components, reducing the impact of a successful attack on GTP traffic and limiting access to sensitive data.

    • Regular Audits and Updates: Conduct regular security audits and updates on all components handling GTP traffic to identify and rectify vulnerabilities promptly.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• NAS (Non-Access Stratum): NAS is still used in 5G for signaling between the User Equipment (UE) and the core network. Vulnerabilities: Downgrade attacks: In mixed environments (non-standalone 5G), attackers can force a device to connect to less secure 4G or even 2G networks, exposing communications to eavesdropping or interception. Replay attacks and impersonation remain a risk, especially in edge cases of transitioning between 4G and 5G networks. Allows attackers to downgrade devices to insecure connections, making it easier to exploit older vulnerabilities or intercept user traffic.

  • Defences for carriers: To defend against vulnerabilities associated with the Non-Access Stratum (NAS) in 5G networks, carriers can implement the following key strategies:

    • Strong Authentication Mechanisms: Use robust authentication protocols to verify the identity of User Equipment (UE) before establishing connections, reducing the risk of impersonation and replay attacks.

    • Encryption: Ensure that all NAS signaling messages are encrypted to protect against eavesdropping and interception, especially during transitions between 4G and 5G networks.

    • Downgrade Attack Mitigation: Implement mechanisms to detect and prevent downgrade attacks. This can include enforcing policies that prioritize connections to the most secure available network, such as 5G, and rejecting attempts to connect to older, less secure networks.

    • Network Slicing: Utilize network slicing to create isolated environments for different services or user groups, enhancing security and minimizing the impact of potential attacks.

    • Anomaly Detection Systems: Deploy advanced monitoring systems that analyze NAS signaling patterns for unusual activity, enabling quick detection of potential threats such as replay attacks.

    • Regular Security Updates: Ensure that all network components are regularly updated with the latest security patches and configurations to protect against known vulnerabilities.

    • User Equipment Security: Encourage or mandate that users enable device security features, such as keeping software up to date and using strong authentication methods.

    • Education and Awareness: Provide guidance and resources to users regarding the importance of connecting to secure networks and recognizing potential threats, such as suspicious behavior indicating a downgrade attack.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

• SDAP (Service Data Adaptation Protocol): Vulnerabilities: Being a new protocol, SDAP is still being tested, and early deployments may expose potential QoS manipulation attacks, allowing attackers to downgrade or disrupt specific types of traffic.

  Exploitable to manipulate Quality of Service (QoS), potentially leading to service disruptions for priority data like emergency calls or critical services.

  • Defences for carriers: To defend against vulnerabilities associated with the Service Data Adaptation Protocol (SDAP) in 5G networks, carriers can implement several key strategies:

    • Strong Authentication Mechanisms: Use robust authentication protocols to verify the identity of User Equipment (UE) before establishing connections, reducing the risk of impersonation and replay attacks.

    • Encryption: Ensure that all NAS signaling messages are encrypted to protect against eavesdropping and interception, especially during transitions between 4G and 5G networks.

    • Downgrade Attack Mitigation: Implement mechanisms to detect and prevent downgrade attacks. This can include enforcing policies that prioritize connections to the most secure available network, such as 5G, and rejecting attempts to connect to older, less secure networks.

    • Network Slicing: Utilize network slicing to create isolated environments for different services or user groups, enhancing security and minimizing the impact of potential attacks.

    • Anomaly Detection Systems: Deploy advanced monitoring systems that analyze NAS signaling patterns for unusual activity, enabling quick detection of potential threats such as replay attacks.

    • Regular Security Updates: Ensure that all network components are regularly updated with the latest security patches and configurations to protect against known vulnerabilities.

    • User Equipment Security: Encourage or mandate that users enable device security features, such as keeping software up to date and using strong authentication methods.

    • Education and Awareness: Provide guidance and resources to users regarding the importance of connecting to secure networks and recognizing potential threats, such as suspicious behavior indicating a downgrade attack.

  • Defense for small business clients: Good small business cyber hygiene mentioned in this article.

Partner with a Reputable Mobile Carrier (Large List of Countries)

One of the most effective ways to protect your business is to partner with a mobile carrier that takes security seriously. Many telecom providers are aware of SS7 and other vulnerabilities and have implemented solutions to mitigate these risks. Be sure to ask your provider about their security practices and inquire about:

• Their SS7 protection measures.

• Support for encrypted voice and data services.

• Their readiness for emerging threats in the 5G era.

Mobile carriers globally have been working to improve their SS7 security, although vulnerabilities still exist. SS7 (Signaling System 7) is an outdated telecommunications protocol that lacks built-in security and is vulnerable to interception, call redirection, and even fraud. Several carriers have adopted protective measures like firewalls, encryption, and continuous monitoring to mitigate these threats. However, improvements vary by region and provider.

Below is a global overview list based on continents of reputable telecom providers that have made significant strides in securing their networks, including SS7 and future protocols like Diameter in the 5G era (note there may be others but these are the ones I found):

Europe:

• Germany: Deutsche Telekom leads in SS7 security, implementing firewalls and monitoring suspicious activity. Vodafone Germany also provides secure services.

• UK: BT (British Telecom) and Vodafone UK are known for strong SS7 and LTE security measures.

• France: Orange has advanced protections and is investing heavily in securing SS7 and 5G protocols.

• Italy: TIM (Telecom Italia Mobile) has integrated SS7 firewalls and supports encrypted communication.

• Norway: Telenor is the leading provider, offering comprehensive network security measures, including SS7 firewalls and encryption services. Telia Norway also provides strong SS7 protections and is working on future-proofing its 5G infrastructure.

• Sweden: Telia has robust security measures for SS7 and is leading 5G security implementation. Tele2 also has implemented SS7 firewalls and encryption to ensure secure communication.

• Spain: Movistar, Orange Spain, and Vodafone Spain are leaders in securing their networks against SS7 attacks. Movistar, in particular, has robust monitoring and encryption in place.

• Portugal: MEO and Vodafone Portugal have implemented SS7 firewalls and are focusing on securing communications as they transition to 5G.

• Greece: Cosmote, the largest provider, has advanced security measures, including SS7 firewalls and encrypted communications. Vodafone Greece has also been proactive in securing their mobile infrastructure.

• Finland: Elisa and Telia Finland are both leaders in mobile security in the region. They have SS7 protections and are advancing in securing their 5G networks.

• Denmark: TDC Group is the primary provider, offering strong SS7 security and investing in 5G security to protect against newer vulnerabilities. 3 Denmark is also known for its focus on secure communications, with additional firewalls in place for SS7 protection.

• Ukraine: Kyivstar, Vodafone Ukraine, and Lifecell have taken steps to block certain access to SS7 and improve security in the face of geopolitical risks.

• Poland: Orange Polska and Play are considered secure networks with ongoing efforts to enhance SS7 security.

• Russia: MTS and Beeline provide better SS7 protections compared to other regional players, although challenges remain in broader network security. Although I’m dubious about their security practices when basic human rights are rescinded in some aspects of life and the surveillance state is ripe in Russia.

• Switzerland: Swisscom and Sunrise have robust SS7 protection, employing advanced firewalls and continuous network monitoring to prevent vulnerabilities.

• Austria: A1 Telekom Austria has implemented significant measures to secure its SS7 systems and is also preparing for 5G vulnerabilities. Magenta Telekom provides strong encryption and SS7 protection for businesses.

• Hungary: Magyar Telekom is the leading provider, with well-established SS7 protections and ongoing efforts to secure its 5G networks. Telenor Hungary also focuses on securing both legacy and new mobile technologies.

• Czech Republic: O2 Czech Republic and Vodafone Czech Republic are strong players, offering SS7 firewalls and encrypted voice/data services for businesses.

• Romania: Orange Romania and Vodafone Romania both offer advanced SS7 security measures. Orange, in particular, has firewalls and encryption in place.

• Bulgaria: Vivacom and A1 Bulgaria focus on securing both SS7 and their evolving 5G networks to prevent vulnerabilities.

• Serbia: Telekom Srbija is the largest provider, known for its SS7 security improvements and investment in 5G readiness.

• Netherlands: KPN and VodafoneZiggo are reputable for having SS7 firewalls, encryption services, and strong monitoring systems to detect suspicious activities.

• Belgium: Proximus and Orange Belgium are investing heavily in SS7 and 5G security measures, employing advanced firewalls and encryption for safe communication.

• Ireland: Vodafone Ireland and Three Ireland offer strong security features, including SS7 firewalls, and are focusing on emerging 5G threats.

• There is small islands and other countries. TBC

North America:

• United States: Major carriers like AT&T, Verizon, and T-Mobile have implemented multi-layered security, including SS7 firewalls and encryption. They also focus heavily on transitioning to 5G networks with enhanced security features.

• Canada: Bell Canada, Rogers, and Telus are known for their robust SS7 and 5G security features.

• Mexico: Telcel and Movistar Mexico offer strong SS7 protections and encrypted communication options for business customers.

• Nicaragua: Claro Nicaragua: As part of América Móvil’s network, Claro Nicaragua has SS7 security measures in place and is working to improve overall communications security. Tigo Nicaragua: Tigo has invested in SS7 firewalls and security technologies to protect its customers, and they are focusing on 5G implementation.

• Belize: Digi (Belize Telemedia Ltd.), the leading telecom provider in Belize, has worked on strengthening SS7 security and implementing modern encryption services for its network.

• Guatemala: Claro Guatemala: As part of América Móvil, Claro has SS7 protection measures and is implementing stronger encryption as they expand 4G and prepare for 5G networks. Tigo Guatemala: Tigo has taken steps to strengthen its SS7 security, with a focus on preventing call interception and data theft. The company is also advancing its 5G infrastructure to address emerging security concerns.

• El Salvador: Claro El Salvador: Claro offers SS7 firewalls and secure communications, benefiting from América Móvil’s regional security practices. They are also improving security as they develop 5G infrastructure. Tigo El Salvador: Tigo, a major telecom provider in El Salvador, has focused on SS7 protection, including firewalls and encryption services, with plans to enhance security as 5G becomes more prevalent.

• Honduras: Claro Honduras: Claro has implemented SS7 protections and is enhancing encryption measures across its network in Honduras, while transitioning to 5G infrastructure in the region. Tigo Honduras: Tigo Honduras has deployed SS7 firewalls and continuously monitors for suspicious activities, aiming to improve data security and communications as they roll out 5G.

• Costa Rica: Kolbi (ICE): The state-owned Instituto Costarricense de Electricidad (ICE) operates under the Kolbi brand, which has implemented SS7 security features, such as firewalls, and is working on improving 5G network security. Claro Costa Rica: Claro has focused on enhancing SS7 security and encryption services as part of its regional network, ensuring strong communication protection for its users.

• Panama: Claro Panama: Claro Panama follows América Móvil’s regional standards for SS7 protection, including firewalls and enhanced encryption, as they prepare for future 5G security measures. Tigo Panama: Tigo has implemented SS7 protections and is working on securing its 5G infrastructure to prevent interception and fraud.

South America:

• Brazil: Claro and Vivo are two of the largest telecom providers in the region, both working to strengthen SS7 defenses. TIM focuses on enhancing security protocols and has defenses against signaling threats.

• Argentina: Movistar and Claro Argentina have implemented some SS7 protections and offer encryption services for voice and data.

• Chile: Entel implements various security measures, including protections against SS7 vulnerabilities.

• Colombia: Tigo (Millicom) commits to enhancing cybersecurity, including SS7 protections.

• Peru: Entel works on securing its network against SS7 and other vulnerabilities.

• Paraguay: Tigo (Millicom) has made strides in securing its telecommunications infrastructure.

• Uruguay: Claro (América Móvil) engages in network security enhancements, including protections related to SS7.

• Bolivia: Entel actively enhances network security and works on SS7 protections. Tigo (Millicom) focuses on security improvements for its telecommunications services.

• Ecuador: Claro (América Móvil) invests in security measures, including protections against SS7 vulnerabilities. Movistar (Telefónica) implements various security protocols to safeguard communications.

• Venezuela: Movistar (Telefónica) works on improving network security, including SS7 protections. Digitel engages in efforts to enhance cybersecurity for its services.

• Suriname: Telesur implements security measures, although detailed information on SS7 protections may be limited.

• Guyana: GTT (Guyana Telephone and Telegraph) focuses on enhancing network security, including protections against various vulnerabilities.

• French Guiana: Orange engages in security improvements, including SS7 protections.

Asia-Pacific:

• Australia: Telstra and Optus have been proactive in securing SS7 and are focusing on 5G security. If you are using their resellers (like AldiMobile or Woolworths Mobile or other resellers of the Optus and Telstra networks), you benefit from the same back-end security.

• Japan: NTT DoCoMo, SoftBank, and KDDI are leading the region in both SS7 and 5G security efforts, with extensive monitoring and encryption protocols in place.

• South Korea: SK Telecom and KT Corporation are known for high levels of security, including protections against SS7 attacks and preparation for 5G vulnerabilities.

• New Zealand: Spark engages in ongoing security improvements, including protections related to SS7. Vodafone New Zealand invests in network security measures to protect communications.

• South Korea: SK Telecom actively works on security enhancements, including protections against SS7 threats. KT Corporation Implements comprehensive security measures for its network services.

• North Korea: I’m not sure what’s happening there so be very very cautions in a surveillance state with virtually no human rights.

• Singapore: Singtel Invests in security protocols, including those addressing SS7 vulnerabilities. StarHub Engages in network security improvements, including protections against signaling threats.

• China: China Mobile Implements various security measures, including SS7 protections. China Unicom focuses on enhancing network security to mitigate risks. Although I’m dubious about their security practices when some basic human rights are rescinded in some aspects of life and the surveillance state is ripe in China with their GREAT WALL.

• India: Reliance Jio works on securing its network infrastructure against various vulnerabilities. Bharti Airtel engages in implementing advanced security measures, including SS7 protections.

• There is small islands and other countries. TBC

Africa:

• South Africa: Vodacom and MTN provide secure mobile communications, with an increased focus on SS7 security and monitoring tools.

• Nigeria: MTN Nigeria has been working on improving SS7 and general mobile network security as part of broader initiatives to combat cybercrime.

• Kenya: Safaricom implements security measures, including protections related to SS7 vulnerabilities. Airtel Kenya focuses on improving cybersecurity across its network.

• Egypt: Orange Egypt invests in network security enhancements, including SS7 protections. Vodafone Egypt engages in various security measures to protect telecommunications.

• Ghana: MTN Ghana implements security protocols, including protections against SS7 vulnerabilities. Vodafone Ghana works on enhancing network security for its services.

• Tanzania: Vodacom Tanzania focuses on improving network security, including SS7 protections.Tigo Tanzania engages in security measures to safeguard communications.

• Uganda: MTN Uganda invests in security measures, including SS7 protections. Airtel Uganda works on enhancing cybersecurity across its network.

• There are other countries. TBC

Middle East:

• United Arab Emirates UAE: Etisalat and du offer secure services with efforts to improve SS7 and 5G security, with government backing for cybersecurity initiatives.

• Saudi Arabia: STC (Saudi Telecom Company) is working towards securing SS7 and introducing 5G with enhanced security protocols.

• Qatar: Ooredoo engages in robust security practices, including protections against SS7 vulnerabilities. Vodafone Qatar focuses on enhancing network security for its services.

• Kuwait: Zain implements security protocols, including SS7 protections for its telecommunications services. VIVA works on enhancing network security to mitigate various threats.

• Bahrain: Batelco invests in security enhancements, including protections related to SS7 vulnerabilities. Zain Bahrain focuses on improving network security across its services.

• Oman: Omantel engages in ongoing security improvements, including SS7 protections. Ooredoo Oman implements various security measures to protect communications.

• There are other countries. TBC

When travelling & roaming:

But what about if you insert a SIM card from another country or are roaming when travelling? You need to get a sim card from a provider in that country that is reputable - usually the top telecommunications providers in your country. When traveling, you might be tempted to use your home SIM or roam with a partner network. However, it’s better to purchase a local SIM from a reputable carrier in the country you visit. Top providers often have partnerships that extend their security protections, but it’s always advisable to use a SIM card from providers known for their strong security posture. But not all countries have reputable carriers or carriers that have good security standards.

Reputation & standards are important for carriers:

In general, mobile operators are aware of the weaknesses in SS7 and are taking steps to address them, but the security of the system often depends on global cooperation, as carriers are interconnected. Moving forward, 5G networks are expected to introduce new complexities, making comprehensive multi-protocol security strategies necessary.

By partnering with a secure mobile carrier, your business can mitigate the risks associated with outdated telecommunications protocols while preparing for future threats in the evolving mobile landscape.

What if I choose to keep using SMS 2FA?

Using SMS for two-factor authentication (2FA) comes with several risks, primarily due to vulnerabilities in the underlying technology and the increasing sophistication of cyberattacks.

Key risks of using SMS 2FA include:

1. SIM Swapping (SIM Hijacking)

• Description: Attackers can impersonate you to your mobile provider and convince them to port your phone number to another SIM card.

• Risk: Once the attacker has control of your number, they can intercept 2FA codes sent via SMS, potentially gaining access to your online accounts, including bank accounts and email.

2. SS7 Vulnerability

• Description: SS7 (Signaling System 7) is a global telecommunications protocol that manages how SMS messages and calls are routed.

• Risk: Hackers can exploit vulnerabilities in the SS7 protocol to intercept SMS messages, even if they don’t have access to your physical phone. This allows them to capture authentication codes remotely.

3. SMS Phishing (Smishing)

• Description: Attackers send fraudulent SMS messages pretending to be from a legitimate company, asking users to reveal sensitive information.

• Risk: Users might be tricked into providing sensitive details or redirected to malicious websites, giving attackers access to accounts without needing to bypass 2FA.

4. SIM Cloning

• Description: Attackers can clone a victim’s SIM card and receive all their messages and calls.

• Risk: If an attacker clones your SIM card, they can intercept your SMS 2FA codes and access your accounts.

5. Device Theft

• Description: If someone steals your phone and can unlock it, they can view any SMS-based 2FA codes directly.

• Risk: Without needing to exploit network vulnerabilities, an attacker can access SMS 2FA codes if they have physical access to your device.

6. Man-in-the-Middle (MitM) Attacks

• Description: In some cases, attackers can intercept SMS messages during transmission.

• Risk: This type of attack can allow someone to capture authentication codes in transit and gain unauthorized access to accounts.

Convenience vs. Security

• Convenience: SMS is easy to set up and use for many users, making it a popular 2FA option.

• Security: Despite the convenience, the security risks associated with SMS-based 2FA have led many security experts to recommend more secure alternatives, such as authenticator apps or hardware security keys.

Given these risks, it’s generally advisable to switch to more secure methods of 2FA, such as using authentication apps (e.g., Google Authenticator, Authy) or hardware-based keys (e.g., YubiKey), which are not vulnerable to SS7 and SIM-swapping attacks.

What are dangers of switching to other 2FA methods?

While SMS 2FA has significant vulnerabilities, alternative methods are not completely immune to threats either so you need to know exactly what are its weaknesses to be informed when using them but they are safer alternatives in terms of security but aren’t easier than SMS. Below are some of the main alternatives to SMS for two-factor authentication (2FA) and the potential risks associated with each:

1. Authenticator Apps (Google Authenticator, Authy, etc.) Risks:

• Device Theft: If someone gains physical access to your phone or device where the authenticator app is installed, they could access the 2FA codes.

• Backup & Migration: If the app is not backed up properly (like in Google Authenticator), losing the phone can make it difficult or impossible to recover accounts tied to the app.

• Phishing: Attackers may use phishing techniques to trick users into revealing their 2FA codes.

• App-Specific Vulnerabilities: If the app itself has security flaws, attackers may exploit those, although this is rare compared to SMS.

2. Hardware Security Keys (YubiKey, Google Titan, etc.) Risks:

• Physical Theft: If someone physically steals your hardware key, they can use it to access accounts, especially if the key isn’t protected by additional PIN or password measures.

• Loss of Key: Losing the key can lock you out of accounts, making it essential to have a backup key or alternate recovery method.

• Side-Channel Attacks: As seen with the YubiKey vulnerability​ (Tom’s Hardware), side-channel attacks, though rare and technically complex, can potentially allow attackers to clone the key in high-value targets (such as espionage or corporate theft scenarios).

3. Biometric Authentication (Fingerprint, Face ID) Risks:

• Spoofing: Attackers can sometimes spoof biometric data using high-resolution images or fake fingerprints, although modern systems have become more sophisticated in preventing this.

• Privacy Issues: Biometric data, once compromised, cannot be changed like a password, making it a permanent security risk.

• Hardware Issues: If the biometric sensor is faulty or not well-calibrated, it could allow unauthorized access or lock the legitimate user out.

4. Email-Based 2FA Risks:

• Email Account Compromise: If an attacker gains access to your email account (through phishing, weak passwords, etc.), they can intercept 2FA codes and password reset requests.

• Less Secure Than Other Methods: Email accounts are often more easily compromised than methods like hardware keys or authenticator apps, making email 2FA less secure.

5. Push Notifications (via Authy, Duo, etc.) Risks:

• Push Hijacking: Attackers can sometimes use social engineering or malware to manipulate users into approving malicious push requests.

• Device Vulnerabilities: Push notifications rely on the security of the device they are sent to. A compromised device (e.g., through malware) could allow attackers to intercept or approve requests without your knowledge.

6. Time-Based One-Time Passwords (TOTP) Risks:

• Device Theft or Loss: If the device storing the TOTP generator (like Google Authenticator) is lost or stolen, the attacker can potentially access the codes.

• Code Interception: TOTP codes can be phished if the attacker tricks the user into submitting the code to a malicious website.

While alternatives to SMS-based 2FA (like authenticator apps, hardware keys, or biometrics) are generally more secure, they each come with their own set of risks, particularly in scenarios of physical theft, phishing, or advanced attacks. The best approach often involves using a combination of these methods (e.g., hardware key (backup) + authenticator app (primary) + email (backup) + recovery codes (backup)), ensuring you have secure backups, and staying vigilant against phishing or social engineering attacks.

Conclusion

While SS7 and similar mobile protocol attacks may seem like distant threats, they can have a devastating impact on small businesses, especially if they compromise sensitive customer data or critical business communications. By being proactive and implementing the security measures mentioned above, small businesses can significantly reduce their risk and safeguard their mobile communications from these sophisticated attacks.

You will have to weigh the pros and cons of which approach you take. Depends on whether you are ok with SMS method and you don’t have a lot to lose and need the convenience. But for most small businesses the alternatives to sms are best with careful planning. I think telcos and software and website designers need to work more together and stamp out these vulnerabilities and give us more options to verify - what about the potential of Cryptocurrency verification platforms such as Worldcoin? What about government or corporate run 2 factor verification methods? Will AI solved the problem? Let’s wait and see.

Always remember, securing your business is an ongoing process. Regular updates, training, and a layered approach to security are key to staying protected in an evolving digital landscape.

If you are a small business owner in Australia and need help with your cybersecurity needs or want to learn more about how to secure your mobile communication systems, feel free to book a Cybersecurity session for expert advice and solutions.

Does humanity need to mature and stop cyber attacking each other? I believe this is truly the only solution to solve cybersecurity issues for good. Stop attacking and sending garbage to damage or steal from one another. Goes back to the 10 commandments and principles from Christs teachings: What you want others to do to you, you must also likewise do to them. But for now in this hate filled world, the best advice I can give: Trust no one and use discernment

Safe computing,

Michael Plis

References

• Due to the complexity of this article and my lifelong neurodivergent disability I used a combination of my own network engineering knowledge, ChatGPT and Google Gemini to do the research,writing and also assisting me in editing. So if there is errors or something could be referenced that should be please DM me on all major social media profiles either via the social media channels listed at the top of the article or at the bottom. Thanks.

• About Chaos Communication Congress (CCC) (31c3) (Wikipedia)

• Karsten Nohl - Researcher - Security Research Labs - Berlin, Germany - Co-revealer of SS7 vulnerabilities in 2014 publically: Karsten LinkedIn / Security Research Labs website

• Tobias Engel - Researcher - Sternraute - Berlin, Germany - Co-revealer of SS7 vulnerabilities in 2014 publically: He doesn’t seem to have social media links. Sternraute website. Sternraute X / Twitter account. Tobias X / Twitter account.

• The Washington Post Article that broke the story on Dec 18 2014 with an interview with German researcher (co-discoverer of SS7 vulnerabilities) Karsten Nohl: German researchers discover a flaw that could let anyone listen to your cell calls.

• Chaos Communication Congress (CCC) talk by Tobias Engel his reveal speech on the CCC on 29th December 2014 in Berlin, Germany entitled: “Tobias Engel: SS7: Locate. Track. Manipulate” on YouTube.

• ThreatPost article on 30 Dec 2014: Cellular Privacy, SS7 Security Shattered at 31C3

• The Register article on 26 Dec 204: White hats do an NSA, figure out LIVE PHONE TRACKING via protocol vuln

• SecurityWeek article on 20 April 2016: Vulnerability in Mobile Networks Allows Easy Phone Tracking

• Veritasium Youtube Channel video “Exposing the Flaw in Our Phone System“ quotes at the start of paragraph. Refer to the video for the credits of whose assistance they used to prepare their video and do their own research

  • They also used the help of:

    • Linus Sebastian and the team at Linus Tech Tips - you can check them out in Youtube at ‪@LinusTechTips‬

    • Alexandre De Oliveira and Karsten Nohl

    • Crofton Black at Lighthouse Reports, Cathal McDaid at Enea, and James Hobson on Youtube at ‪@hacksmith‬

    • Plus other references they list are useful to read through.

• Toms Hardware: Older YubiKeys compromised by unpatchable 2FA bug — side-channel attack is critical, but expensive and difficult to execute

In this article I will keep documenting types of cyber threats out there and how you can protect your small business.

In today’s digital age, businesses of all sizes are increasingly reliant on technology. This reliance makes them vulnerable to cyber threats, which are constantly evolving and can have a devastating impact. Understanding the different types of cyber threats and the risks they pose is crucial for any small business owner or operator.

Let’s learn the current set of them - and this list will grow.

List of categories

• What is a cyber threat?

• Malware

• Phishing

• Network Based Attacks

• Social Engineering

• Zero-Day Attacks

• Internet of Things (IoT) Threats

• AI-Powered Attacks

• Supply Chain Attacks

• Credential Stuffing Attacks

• Data Breaches

• Shadow IT Threats

• Telephony Signaling Attacks

• Database Attacks

• Script Attacks

• Brute Force Attacks

• Watering Hole Attacks

• General advice for small business

What is a cyber threat?

What is a cyberthreat? It’s the possibility of a malicious attempt to damage or disrupt a computer network or system or devices or software.

A cyber threat is any potential malicious activity that aims to damage, disrupt, or gain unauthorized access to computer systems, networks, devices, or software. These threats can compromise the confidentiality, integrity, and availability of data and digital assets, putting individuals, businesses, and even nations at risk.

Cyber threats can originate from various sources, including cybercriminals, hackers, insiders, or nation-states, and they can take many forms, from sophisticated hacking attacks to simple social engineering tricks. The growing reliance on technology and the interconnectedness of systems make cyber threats an ever-present and evolving challenge that requires constant vigilance and robust security measures.

Let’s dig in deeper into the common ones.

Malware

Malware is a broad term that encompasses any software designed to harm a computer system. This includes viruses, worms, Trojan horses, spyware, and ransomware. Malware can steal data, corrupt files, or even take control of your entire system. Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Types of malware is a worm, virus, trojan. There are other types:

• Ransomware: Ransomware encrypts a victim’s data or locks them out of their device, demanding a ransom to restore access. It has become one of the most financially damaging types of malware. Example: You receive a message on your screen demanding payment in Bitcoin to unlock your encrypted files. Here are the various types:

• Ransomware-as-a-Service (RaaS): This is a subscription-based model where criminals lease out ransomware to other attackers. RaaS operators provide the malware, and the affiliates perform the attacks, splitting the profits from the ransom payments. Example: A criminal with little technical expertise uses a RaaS platform to distribute ransomware and demand payment from victims. Another example: Various platforms that allow users to customize and deploy ransomware campaigns for a fee, such as Sodinokibi.

• Crypto Ransomware: This type encrypts files on the victim’s system, making them inaccessible until a ransom is paid for the decryption key. Example: WannaCry is a well-known crypto ransomware that affected thousands of computers globally, encrypting files and demanding Bitcoin as ransom.

• Locker Ransomware: Description: Instead of encrypting files, locker ransomware locks users out of their devices, preventing access to the operating system or applications. Users are then asked to pay a ransom to regain access. Example: Police-themed locker ransomware that displays a message claiming to be from law enforcement, alleging illegal activity and demanding payment.

• Scareware: This type of ransomware often masquerades as legitimate security software, claiming that the user’s computer is infected and demanding payment to remove the threats. It doesn’t necessarily encrypt files. Example: Software that displays fake alerts about viruses and requires payment for a “full scan” or “cleaning.”

• Double Extortion Ransomware: This method involves both encrypting files and stealing sensitive data. Attackers threaten to publish or leak the stolen data if the ransom is not paid. Example: Maze ransomware not only encrypts files but also exfiltrates sensitive information and threatens to release it if the ransom isn’t paid.

• GandCrab: Once one of the most prolific ransomware variants, GandCrab encrypts files and demands ransom in various cryptocurrencies. It has been distributed through various methods, including exploit kits and phishing emails. Example: GandCrab was known for its rapid evolution and frequent updates to avoid detection.

• Ryuk: Description: A targeted ransomware that is often associated with large-scale attacks on enterprises. Ryuk encrypts files and demands significant ransoms, often targeting critical infrastructure and businesses. Example: Ryuk was used in various high-profile attacks, including those on hospitals and municipalities.

• REvil (Sodinokibi): This ransomware variant encrypts files and also involves double extortion tactics by stealing data. It gained notoriety for high-profile attacks and is offered as a RaaS model. Example: The attack on JBS Foods in 2021 that led to a substantial ransom payment.

• DarkSide: Known for its double extortion method, DarkSide targets large organizations and is associated with high-profile attacks, including the Colonial Pipeline attack that disrupted fuel supplies in the U.S. Example: DarkSide is known for its professionalism in handling negotiations with victims, often providing a customer support portal for ransom negotiations.

• Conti: This is another ransomware that uses double extortion tactics, encrypting files and stealing data. It is known for its speed and efficiency in carrying out attacks. Example: Conti attacks have targeted hospitals and other critical infrastructure, causing significant disruption.

• Netwalker: This ransomware is often spread through phishing and exploits vulnerabilities in software. It employs double extortion tactics, threatening to leak sensitive data if the ransom is not paid. Example: Netwalker has targeted various sectors, including healthcare and education, demanding high ransoms.

• Egregor: Egregor uses a combination of ransomware and data theft. It targets businesses by exploiting vulnerabilities and is known for its involvement in double extortion schemes. Example: Egregor has been linked to various data breaches and ransom demands across different industries.

• Fileless Malware: Malicious software that operates in-memory without writing files to disk, making it harder for traditional antivirus solutions to detect.

• Malvertising: Malware is distributed through online ads, even on legitimate websites, where users can get infected by simply viewing or clicking on the ad.

• Rootkits: Rootkits are designed to provide attackers with administrator-level control over a system. They hide themselves deep within the operating system to avoid detection, allowing continuous and unauthorized access. Example: An attacker installs a rootkit on a victim’s computer to monitor keystrokes and steal sensitive information without being detected by security software.

• Adware: Adware generates unwanted advertisements on a user’s system, often in the form of pop-ups or banners. While not always malicious, adware can be a gateway for other malware or expose users to risky ads. Example: Constant pop-up ads that appear while browsing the internet, even when not visiting ad-heavy websites.

• Spyware: Spyware secretly monitors a user’s activities, gathering information such as browsing history, login credentials, or financial details. Spyware is often used to collect personal data without consent. Example: A program that tracks every keystroke you make, sending this data back to the attacker to gather passwords or other confidential information.

• Rogue Security Software: Also known as scareware, rogue security software tricks users into believing their system is infected and that they need to purchase or install a fake security product, which often installs further malware. Example: A pop-up warning that your system has a virus and offering to clean it, but the provided software is malicious.

• Botnet Malware: Botnet malware turns infected devices into “bots” that are controlled by an attacker. These botnets can be used to launch large-scale attacks, such as Distributed Denial-of-Service (DDoS) attacks. Example: Your computer becomes part of a botnet and is used along with thousands of other infected machines to flood a website with traffic and cause it to crash.

• Keyloggers: Keyloggers are a type of malware that records every keystroke made on a device. This information is sent to the attacker, often to steal login credentials, personal information, or credit card numbers. Example: A keylogger records your bank login details and sends them to an attacker without your knowledge.

• Cryptojacking Malware: Cryptojacking malware infects a device and uses its resources (CPU and GPU power) to mine cryptocurrency without the user’s knowledge or consent. Example: A computer suddenly slows down, and the fan runs constantly as malware secretly uses the system’s power to mine Bitcoin for an attacker.

• Browser Hijackers: Browser hijackers alter web browser settings, redirecting users to malicious or unwanted websites. These can also change the default search engine or homepage. Example: Every time you open your browser, you’re taken to a sketchy website instead of your usual homepage.

• Mobile Malware: Mobile malware specifically targets smartphones and tablets, often through malicious apps. It can steal personal data, track the user, or even make fraudulent in-app purchases. Example: A malicious app downloaded from a third-party store steals your contacts and messages or uses your phone to send premium-rate SMS texts.

• Polymorphic Malware: Polymorphic malware modifies its code each time it infects a new system, making it harder for traditional antivirus software to recognize and detect. Example: A virus that changes its signature with each infection, evading detection by antivirus software that relies on static signatures.

• Logic Bomb: Logic bombs remain dormant within a system until a specific condition is met (such as a date or action), at which point the malware activates and performs its attack, often destroying or corrupting data. Example: A disgruntled employee leaves a logic bomb set to go off if they are removed from the company’s payroll system.

• RAT (Remote Access Trojans): RATs provide attackers with remote access to a victim’s system, enabling them to control the system as though they were the user. They can steal data, install other malware, or spy on users. Example: A RAT allows an attacker to turn on your webcam or monitor your emails and passwords without your knowledge.

• Wiper Malware: Wiper malware is designed to erase data from a system rather than steal or encrypt it. Often used in politically motivated attacks, wipers can cause irreparable damage to organizations or governments.

• Example: An organization finds all its critical data erased and systems rendered useless after a targeted malware attack.

• APT (Advanced Persistent Threats): APT malware is used in long-term cyber espionage attacks, where attackers infiltrate a system and remain undetected for extended periods. The goal is to steal sensitive information or monitor activities over time. Example: A corporate network is breached by attackers who slowly exfiltrate trade secrets over the course of several months.

Phishing

Phishing attacks are attempts to trick you into revealing personal information, such as your credit card number or login credentials. Phishing emails often appear to be from legitimate sources, such as your bank or a social media platform. They may contain links that, when clicked, will take you to a fake website that looks real. Once you enter your information on the fake website, the attacker can steal it. Here are a few types:

• Spear Phishing: Targeted Phishing Attack aimed at a specific individual or organization. Attackers craft personalized messages using information they’ve gathered about the target, making the email appear more legitimate and difficult to spot as phishing.

  Example: An email addressed to you specifically, mentioning your job title or company, and pretending to be from your boss, asking for confidential data.

• Whaling: Phishing Attack targeting high-level executives such as CEOs, CFOs, or other high-ranking officials in an organization. These emails are carefully tailored to seem highly relevant to the target, using corporate lingo or referring to sensitive business matters. Example: An email that appears to be from a lawyer or business partner requesting an executive to approve a large payment or provide financial information.

• Vishing (Voice Phishing): Phishing conducted over the phone rather than through email. Attackers impersonate trusted entities (such as a bank or government agency) and attempt to extract personal or financial information through deceptive phone calls. Example: A phone call claiming to be from your bank, asking you to verify account details or reset your password.

• Smishing (SMS Phishing): Phishing via SMS text messages, where attackers send messages containing malicious links or ask for sensitive information. These messages often create a sense of urgency, such as claiming that your account will be locked unless you act immediately. Example: A text message claiming to be from your bank, asking you to verify your account by clicking a link.

• Clone Phishing: In clone phishing, attackers clone a legitimate email that the recipient has previously received and send an identical one, except with malicious links or attachments. The cloned email looks like a genuine follow-up or continuation of a prior conversation. Example: Receiving what appears to be a legitimate email thread from your company or service provider, but the attached file or links have been altered to install malware.

• HTTPS Phishing: Attackers create fake websites that use “https://” in the URL and display the lock icon to appear secure. Users are fooled into thinking the site is trustworthy and legitimate because they see the SSL certificate, even though it’s a fake or malicious site. Example: A phishing email sends you to a website with a green padlock symbol and “https://” in the URL, tricking you into entering login details or financial information.

• CEO Fraud: This type of phishing attack targets lower-level employees by impersonating a CEO or high-level executive and requesting sensitive data or urgent transfers of money. The message typically creates a sense of urgency or confidentiality to prevent the employee from verifying the request. Example: An urgent email from the “CEO” asking a finance officer to wire money to a specific account for an important deal.

• Pharming: Attackers redirect users to a fake website by manipulating DNS settings or through malware, even if the victim enters the correct URL. Once on the malicious site, users unknowingly submit their sensitive information. Example: Typing in your bank’s URL and being redirected to a fake site that looks identical to the legitimate one.

• Evil Twin Phishing: Attackers set up a fraudulent Wi-Fi network that appears to be a legitimate public Wi-Fi hotspot. Once users connect to the evil twin, attackers can intercept any information they send, including login credentials and financial information. Example: Connecting to “Free Airport Wi-Fi” and unknowingly allowing attackers to intercept your data.

• Social Media Phishing: Attackers send malicious messages through social media platforms, either impersonating trusted contacts or sending direct messages with links that lead to phishing sites. Social media phishing can also involve fake profiles posing as legitimate individuals or businesses. Example: A Facebook message from a friend asking you to check out a link, which actually takes you to a phishing site designed to steal your account credentials.

• Man-in-the-Middle Phishing: Attackers insert themselves between a legitimate entity and the victim to intercept communication and steal credentials or other information. This is often done using compromised networks or fake Wi-Fi hotspots. Example: Connecting to an unsecured Wi-Fi network where an attacker captures the information you enter into your banking or email account.

• Dropbox/Google Drive Phishing: Attackers send phishing emails with links to fake file-sharing platforms like Dropbox or Google Drive, claiming that a document is ready for viewing. Once users click on the link and enter their credentials, attackers steal them. Example: An email pretending to be from a colleague saying a document is shared on Google Drive, but the link leads to a fake login page.

Network Based Attacks

Network-based attacks target the infrastructure, devices, and services of a network, often aiming to disrupt, intercept, or manipulate network traffic. These network-based attacks highlight the need for strong security practices, including encryption, monitoring, and proper configuration, to protect against attackers exploiting vulnerabilities within a network. Below are several common network-based attacks:

• DNS Hijacking: DNS hijacking, also known as DNS redirection, is a cyberattack where malicious actors manipulate the Domain Name System (DNS) to redirect internet traffic to fraudulent websites. This can be achieved by compromising DNS servers, installing malware on user devices, or intercepting DNS communication. When a user tries to access a legitimate website, they are instead unknowingly routed to a malicious site designed to steal sensitive information or install malware. This attack can have severe consequences for individuals and organizations, leading to financial losses, identity theft, and reputational damage.

• DNS Spoofing (DNS Cache Poisoning): Attackers corrupt DNS records, redirecting users to fraudulent websites without their knowledge. Example: A user attempting to access a bank website is redirected to a fake site where attackers steal login credentials.

• Rogue Access Points: Unauthorized wireless access points are set up to mimic legitimate networks, allowing attackers to intercept or manipulate network traffic. Example: An attacker sets up a Wi-Fi network called “Free Wi-Fi” in a public area to capture users’ data.

• Man-in-the-Middle (MitM) Attacks: Attackers secretly intercept and relay communications between two parties, often altering or stealing data.

• Example: An attacker intercepts traffic between a user and a banking website, capturing login credentials.

• Packet Sniffing (Eavesdropping): Attackers use packet sniffers to capture and analyze network traffic, potentially exposing sensitive data like passwords and emails. Example: An attacker on a shared network captures unencrypted traffic to steal sensitive information.

• Denial-of-Service (DoS) Attacks: Attackers flood a network or server with traffic, overwhelming resources and causing a shutdown or slowdown of services. Example: A website is overwhelmed with traffic, making it unavailable to legitimate users.

• Distributed Denial-of-Service (DDoS) Attacks: Similar to DoS but involves multiple compromised systems (usually part of a botnet) attacking a target simultaneously, making it harder to mitigate. Example: Thousands of infected devices are used to flood a network server, causing service outages.

• IP Spoofing: Attackers disguise their identity by falsifying the source IP address of packets to make them appear to come from a trusted source. Example: An attacker sends malicious packets to a target while pretending to be a trusted server.

• ARP Spoofing: Attackers send falsified ARP (Address Resolution Protocol) messages to associate their MAC address with the IP address of a legitimate host, enabling interception of traffic. Example: An attacker on a local network reroutes traffic intended for the gateway to their machine.

• MAC Flooding: Attackers flood a switch with numerous fake MAC addresses, causing it to fail open and broadcast traffic to all ports, making it easier to capture sensitive information. Example: An attacker overwhelms a switch, forcing it to broadcast traffic, which can then be captured by the attacker.

• Port Scanning: Attackers scan a network or device to identify open ports and services, gathering information to exploit vulnerabilities. Example: An attacker scans a server to find open ports that can be used to launch further attacks.

• Session Hijacking: Attackers take control of a legitimate session by stealing session cookies or session IDs, allowing unauthorized access to resources. Example: An attacker captures a user’s session token from an insecure web application and uses it to impersonate the user.

• Evil Twin Attack: Attackers set up a fake Wi-Fi network with a name similar to a legitimate network, tricking users into connecting and giving the attacker access to their data. Example: A hacker sets up a network named “CoffeeShop_WiFi_Free” near a café to capture data from users who connect.

• SSL Stripping: Attackers downgrade a secure HTTPS connection to an unencrypted HTTP connection, allowing them to intercept or modify data sent between the user and the website. Example: An attacker intercepts an HTTPS connection and strips it down to HTTP, stealing sensitive information transmitted over the connection.

• Network Tapping: Attackers physically tap into the network cables or use hardware to intercept data traveling through the network. Example: Someone installs a hardware tap on a network cable to capture all traffic passing through.

• VLAN Hopping: Attackers exploit vulnerabilities in a VLAN (Virtual Local Area Network) configuration to move from one VLAN to another and access restricted network segments. Example: A user on one VLAN gains unauthorized access to another VLAN holding sensitive data.

• Smurf Attack: A type of DDoS attack where the attacker sends ICMP requests (pings) to a network, with the source IP address spoofed to the victim’s address, causing a flood of ICMP responses. Example: The victim’s network is overwhelmed by reply messages from various devices in response to the attacker’s spoofed requests.

• Broadcast Storm Attack: Attackers send excessive broadcast traffic on a network, causing severe network congestion and performance degradation. Example: Multiple devices on a network continually broadcast messages, resulting in a traffic overload.

• RIP Route Poisoning: Attackers manipulate the Routing Information Protocol (RIP) by injecting false route updates into the network, redirecting traffic or causing network disruptions. Example: An attacker sends false routing information to a router, misdirecting traffic to a compromised route.

• Wormhole Attack: Attackers create a fast communication channel between two points in a wireless network, allowing them to capture packets and replay them later. Example: A malicious node in a wireless sensor network forwards data packets from one point to another, disrupting routing protocols.

• Botnets: A network of compromised computers or devices (often called zombies) controlled by a hacker to launch large-scale attacks such as DDoS or spam campaigns. Example: A botnet of thousands of devices is used to launch a DDoS attack on a corporate network.

Social Engineering

Social engineering is the art of tricking people into giving up personal information or clicking on malicious links. Social engineering attacks can be very effective, as they prey on human trust and emotions.

• Business Email Compromise (BEC): Scams where attackers impersonate executives or vendors to trick employees into transferring funds or sensitive data. A BEC is a form of social engineering.

Zero-Day Attacks

Zero-day attacks are attacks that exploit vulnerabilities in software that the software vendor is not aware of. Zero-day attacks are dangerous because there is no patch available to protect against them.

Internet of Things (IoT) Threats

Exploiting weak security in connected devices, such as cameras or smart systems, to gain network access.

AI-Powered Attacks

Attackers are increasingly using AI and machine learning to craft more sophisticated phishing emails, penetrate networks, or find vulnerabilities faster than ever before.

• Deepfake & Synthetic Media Attacks: Fraudsters are also using deepfakes or synthetic audio to impersonate business leaders is a growing threat, especially in small businesses where verification protocols may not be strong. They are now even testing live video AI face skins and voices to impersonate your staff or loved ones.

Supply Chain Attacks

Hackers target vendors or partners to infiltrate larger networks. This can be particularly harmful to small businesses relying on third-party services.

Credential Stuffing Attacks

Automated attacks using stolen credentials from one breach to try accessing multiple systems, exploiting the common practice of reusing passwords.

Data Breaches

Unauthorized access to sensitive data, leading to information being stolen or exposed, typically affecting personal, financial, or business information. Each type of data breach requires different prevention and mitigation strategies. Effective cybersecurity practices, including encryption, strong access controls, regular audits, and employee training, are essential to protect sensitive data. Here are a few types:

Accidental Data Breach

• Description: Sensitive information is accidentally disclosed or shared due to human error.

• Example: An employee mistakenly sends an email containing sensitive customer data to the wrong recipient.

Insider Threat Breach

• Description: A trusted individual within an organization, such as an employee or contractor, deliberately or accidentally exposes data. Employees or contractors with malicious intent or those who unintentionally cause security breaches. Some employees or contractors could be bribed by hackers or other maliciously in inclined organisations to plant malicious devices or software or steel data.

• Example: An employee with access to sensitive information intentionally leaks it or unknowingly clicks on a phishing link, allowing attackers access.

Hacking/IT Incident Breach

• Description: Unauthorized individuals gain access to systems, networks, or databases through vulnerabilities or sophisticated cyberattacks.

• Example: Hackers exploit vulnerabilities in a company’s system to steal customer data, such as passwords or credit card details.

Physical Theft of Devices

• Description: Physical devices containing sensitive data (laptops, USB drives, smartphones) are stolen or lost.

• Example: A stolen company laptop contains unencrypted personal data, resulting in a data breach.

Social Engineering Breach

• Description: Attackers manipulate individuals into providing confidential information or access to systems.

• Example: A phishing email tricks employees into revealing their login credentials, which are then used to access sensitive data.

Ransomware Breach

• Description: Attackers encrypt an organization’s data, demanding ransom for the decryption key. During the attack, data can be exfiltrated or stolen.

• Example: A company’s customer data is held hostage by ransomware, and the attackers threaten to release it if a ransom is not paid.

Third-Party Vendor Breach

• Description: A data breach occurs due to vulnerabilities or security failures in a third-party vendor or partner’s system, compromising your organization’s data.

• Example: A payroll service provider is hacked, exposing the employee data of a client company.

Cloud Storage Misconfiguration

• Description: Misconfigured cloud services, like databases or file storage, expose sensitive data to the internet unintentionally.

• Example: A company leaves an Amazon S3 bucket containing customer information publicly accessible without proper authentication.

Malware-Based Breach

• Description: Malware infects systems and facilitates unauthorized access to data, including keylogging, spyware, or other types of malware.

• Example: A Trojan horse is installed on a company’s network, collecting and transmitting sensitive data to attackers.

Card Skimming Breach

• Description: Attackers install skimming devices on point-of-sale systems or ATMs to capture credit or debit card data.

• Example: A skimmer placed on an ATM reads card details as customers use the machine, leading to theft of card information.

Mobile Device Breach

• Description: Mobile phones or tablets containing sensitive data are compromised through malware, insecure apps, or theft.

• Example: An employee’s phone infected with malware exposes company emails and documents stored on the device.

Denial-of-Service (DoS) Attack Data Breach

• Description: While the primary purpose of DoS attacks is service disruption, attackers sometimes use these attacks as a distraction to exfiltrate data.

• Example: During a DDoS attack, hackers use the chaos to infiltrate a network and steal confidential data unnoticed.

SQL Injection Breach

• Description: Attackers exploit vulnerabilities in web applications to execute malicious SQL queries, allowing them to access sensitive data in a database.

• Example: An insecure login form is exploited using SQL injection to extract usernames and passwords from a database.

Unsecured Network Breach

• Description: Attackers exploit unsecured or poorly configured Wi-Fi networks to gain unauthorized access to sensitive data.

• Example: Data is intercepted on an unsecured public Wi-Fi network through a Man-in-the-Middle (MitM) attack.

Denial-of-Service (DoS) Attack Data Breach

• Description: DoS attacks are primarily intended to disrupt service, but in some cases, attackers use these to cover for data exfiltration.

• Example: A company hit by a DoS attack also suffers a simultaneous data theft as attention is diverted to restoring services.

Data on the Move Breach

• Description: Sensitive data in transit, such as during transfers between systems or devices, is intercepted or compromised.

• Example: An unsecured email containing customer payment information is intercepted by an attacker while being transmitted.

Dumpster Diving Breach

• Description: Attackers physically search through discarded materials (like paper records) to find sensitive information.

• Example: Discarded documents in a company’s trash contain customer records, which are retrieved by attackers.

Business Email Compromise (BEC)

• Description: Attackers impersonate an executive or trusted entity through email, convincing employees to transfer sensitive information or funds.

• Example: A fake email from the CFO instructs an employee to transfer sensitive client data to an external party.

Shadow IT Threats

Unapproved software or hardware used by employees that bypasses IT oversight, creating security vulnerabilities.

Telephony Signaling Attacks

These telecom signaling attacks or telephony network vulnerabilities exploit weaknesses in the signaling protocols that mobile networks use to route calls and messages. Some of the common attack vectors in this category include:

• SS7 Attacks: Exploiting weaknesses in the Signaling System 7 (SS7) protocol, allowing hackers to intercept communications, track locations, and redirect calls and texts.

• Diameter Attacks: Diameter is a newer protocol used in 4G and 5G networks but is still vulnerable to certain attacks similar to those in SS7.

• SIP Attacks: The Session Initiation Protocol (SIP) is used for managing voice over IP (VoIP) calls and can be targeted for call interception or session hijacking.

• SMS Spoofing: Attackers send fake messages that appear to come from trusted sources, often for phishing or scamming purposes.

• SIM Swap Attacks: Hackers transfer a victim’s phone number to their own SIM card by exploiting weaknesses in mobile carrier security processes, allowing them to intercept two-factor authentication (2FA) codes and access accounts.

• Vishing: A form of phishing conducted over the phone, where attackers use social engineering to trick victims into revealing sensitive information.

Database Attacks

Each of these database attacks highlights how attackers can exploit weaknesses beyond simple SQL Injection, especially in modern databases and applications:

• SQL Injection: attackers manipulate queries to a database to gain unauthorized access or corrupt data by injecting malicious SQL code.

• NoSQL Injection similar to SQL Injection, but targets NoSQL databases (e.g., MongoDB, Couchbase). Attackers inject malicious queries into applications using untrusted input to manipulate or expose data.

• XML External Entity (XXE) attacks: uploading or inputting malicious XML content that can exploit vulnerabilities in the XML parser, allowing attackers to access files or execute remote code on the database server.

• Privilege Escalation: attackers exploit flaws in the database’s access control mechanisms to gain higher-level privileges, giving them unauthorized access to sensitive data or administrative capabilities.

• Database Misconfiguration Attacks: poorly configured databases (e.g., default passwords, open ports) can be exploited by attackers to gain access, modify data, or delete databases without needing advanced technical skills.

• Database Dump Attacks: attackers use tools or exploits to extract a full copy of the database. This often happens when database backups are not properly secured, or if the database is not encrypted.

• Buffer Overflow Attacks: attackers exploit software bugs in the database server, such as buffer overflows, to execute arbitrary code or crash the database, compromising its integrity and availability.

• Timing Attacks: attackers observe how long a database takes to respond to certain queries, allowing them to infer sensitive information based on response times, such as whether a query returned true or false.

• Data Exfiltration via Out-of-Band Channels: attackers leverage vulnerabilities to send data from a compromised database to an external source, bypassing regular data exfiltration monitoring systems.

• Stored Procedure Attacks: vulnerabilities in stored procedures (pre-written SQL code) can be exploited if these procedures are insecurely written, allowing attackers to manipulate data or execute unauthorized actions.

• LDAP Injection is similar to SQL Injection but targets LDAP (Lightweight Directory Access Protocol) queries. Attackers can modify LDAP queries to bypass authentication mechanisms or access unauthorized data.

• Database Backdoor Attacks: attackers plant backdoors within the database or the database management system (DBMS), allowing persistent and undetected access for future exploitation.

Script Attacks

All these attacks rely on injecting or manipulating scripts in some form, making them highly dangerous in web applications where security vulnerabilities allow for code execution in the user’s browser or server:

• Cross-Site Scripting (XSS): malicious scripts are injected into trusted websites, allowing attackers to steal session cookies, user data, or take over user accounts.

• Cross-Site Request Forgery (CSRF): attackers trick users into performing unintended actions on a web application where they’re authenticated, like transferring money or changing account details. This happens without the user’s knowledge by exploiting their active session.

• HTML Injection: Malicious HTML code is injected into a web page, altering its structure or behavior. Attackers can inject form fields, modify the content, or create fake login prompts to steal user data.

• Script Injection: This involves injecting malicious scripts into web pages or web applications. An attacker could insert JavaScript or VBScript into input fields, which gets executed on the client-side.

• Content Security Policy (CSP) Bypass: Attackers find ways to bypass Content Security Policies (CSPs) put in place to block malicious scripts from being executed on websites, leading to XSS-like effects or data leakage.

• Browser Exploitation Framework (BeEF): This framework allows attackers to hook into the browsers of users who visit malicious or compromised sites, then use JavaScript payloads to exploit vulnerabilities, control sessions, or extract data.

• Clickjacking: Users are tricked into clicking hidden buttons or links by overlaying malicious code on legitimate buttons. Attackers can execute unauthorized actions on behalf of the user, like changing security settings.

• Remote File Inclusion (RFI): Attackers use file inclusion vulnerabilities to remotely execute malicious scripts from another server on the victim’s web application, gaining access to sensitive information or even full control over the server.

• Scripted Botnet Attacks: Malicious scripts are deployed across multiple infected systems (botnets), allowing attackers to execute large-scale attacks like Distributed Denial-of-Service (DDoS) or perform web scraping, stealing data from websites.

• JavaScript Keylogger Injection: Malicious JavaScript code is injected into web pages to log keystrokes entered by users. Attackers can capture login credentials, credit card information, or personal details this way.

• DOM-Based XSS: A subtype of XSS, where the vulnerability exists in the client-side JavaScript (within the DOM structure). It doesn’t involve server interaction, making it harder to detect and prevent.

• JavaScript-Based Cryptocurrency Mining (Cryptojacking): malicious JavaScript code is injected into a website that utilizes the user’s CPU resources for cryptocurrency mining without their consent, slowing down their system and using their power.

• Formjacking: malicious JavaScript is injected into web forms on e-commerce or other sites to steal users’ inputted credit card details and other sensitive information.

Brute Force Attacks

Brute Force Attacks involve using automated tools to repeatedly attempt password guesses or encryption keys until the correct one is found. These attacks are simple but can be highly effective if proper security measures aren’t in place. There are various types of brute force attacks, each with its own method of execution:

• Simple Brute Force Attack: This is the most basic form, where attackers try all possible combinations of a password or key manually or using automated software until the correct one is found. It can be very slow for strong passwords but effective against weak or short passwords. Example: An attacker tries every combination of a 4-digit PIN (0000 to 9999).

• Dictionary Attack: Instead of trying every possible combination, attackers use a predefined list of common passwords (a “dictionary”). These lists often contain the most commonly used passwords, such as “password123” or “qwerty.” It speeds up the process by focusing on commonly used or guessed passwords. Example: The attacker uses a dictionary of the top 1,000 most common passwords to crack a weak password like “123456.”

• Hybrid Brute Force Attack: A combination of dictionary attacks and brute force. The attacker first tries a dictionary of known or common passwords and then applies variations, such as adding numbers, special characters, or capitalization to improve chances of success. Example: An attacker tries “password123,” “Password123!” or “Password@123” to increase the chance of guessing the right password.

• Credential Stuffing: Attackers use username-password pairs obtained from previous data breaches to try on other websites, under the assumption that users often reuse passwords across different sites. This can be highly effective against users who don’t use unique passwords for different accounts. Example: An attacker tries the login credentials from a breached social media account on a bank website to gain unauthorized access.

• Reverse Brute Force Attack: Instead of guessing the password for a specific username, attackers start with a known password or a set of commonly used passwords and try it across multiple usernames until they find a match. This attack exploits the fact that many users have weak passwords. Example: The attacker uses “password123” and tests it on various accounts in an organization until they find one that works.

• Rainbow Table Attack: Attackers use precomputed hash values and their corresponding plaintext passwords to reverse the hashing process. Instead of hashing every guess during the attack, the attacker compares the target password’s hash to those in the rainbow table, speeding up the process significantly. Example: A hashed password (e.g., “5f4dcc3b5aa765d61d8327deb882cf99”) is compared to a rainbow table to quickly find its plaintext value (in this case, “password”).

• Exhaustive Key Search (Key Brute Force Attack): Attackers systematically try all possible keys in an encryption system until the correct one is found. This is typically done against systems using cryptographic keys, such as encrypted databases or files. The length of the key determines how long the attack will take. Example: Trying all possible 128-bit encryption keys to decrypt a file.

• Password Spraying: Unlike traditional brute force, where a single username is targeted, password spraying involves testing a few common passwords across a large number of accounts, often to avoid detection and account lockout mechanisms. Example: An attacker tries “Summer2024!” across many different user accounts within an organization, hoping to find a match without triggering too many lockouts.

• Mask Attack: A more focused version of brute force where the attacker knows certain aspects of the password (like its length, specific characters, or format) and uses that information to narrow down the search space. This attack is often combined with brute force to make it more efficient. Example: If the attacker knows the password is 8 characters long and starts with “A,” they will only try combinations that meet that pattern, significantly reducing the total number of guesses.

• Distributed Brute Force Attack: Attackers use multiple machines or a botnet to divide the workload of a brute force attack, significantly speeding up the attack. This method is useful for attacking more complex or well-secured systems where a single machine might take too long to succeed. Example: A large botnet attempts to brute force multiple accounts simultaneously, with each bot trying a portion of the possible combinations.

• Offline Brute Force Attack: In offline attacks, attackers obtain a file of hashed passwords (e.g., through a data breach) and use brute force on their own systems without any risk of detection by the target system. This is faster because the attacker doesn’t have to worry about account lockouts or rate-limiting. Example: An attacker uses a hash file from a compromised database to try all possible passwords offline until they find the correct one.

Watering Hole Attacks

Attackers compromise websites that a target group is known to frequent, delivering malware to anyone visiting the site. Watering hole attacks can take various forms based on the techniques and strategies employed by attackers. Here are some types of watering hole attacks:

• Malicious Code Injection: Attackers exploit vulnerabilities in a legitimate website to inject malicious scripts or code. When users visit the compromised site, the malware is delivered to their devices. Example: A hacker finds a vulnerability in a popular industry news website and injects JavaScript that downloads malware onto visitors’ devices.

• Drive-By Downloads: This method involves placing malicious code on a website that automatically downloads malware onto a user’s device without their consent when they visit. Example: Users visiting a compromised blog are unaware that malware is being silently downloaded and installed as soon as the page loads.

• Compromised Third-Party Resources: Attackers may target third-party resources or plugins commonly used by a website (like ads, widgets, or analytics tools). When the third-party service is compromised, any site using it can also distribute malware. Example: A popular ad network is hacked, and all websites displaying ads from that network inadvertently deliver malware to their visitors.

• Social Engineering Techniques for Websites: Attackers might create a fake website that mimics a legitimate site frequented by the target group. Users are tricked into visiting this malicious clone instead of the genuine site. Example: An attacker creates a fake version of a popular industry forum to lure users into providing their credentials or downloading malicious content.

• Spear Phishing with Watering Hole Tactics: Attackers combine watering hole tactics with spear phishing, where they first send targeted emails to individuals containing links to compromised sites. Example: A targeted email is sent to an employee with a link to a compromised vendor’s website, leading to malware installation when the link is clicked.

• Malicious Redirects: Attackers can manipulate a legitimate site to redirect visitors to a malicious website that hosts malware. Example: A well-known industry website has its URL modified to redirect users to a fake site where malware is hosted.

• Targeted Exploit Kits: Exploit kits are packages of malicious code that attackers use to target specific vulnerabilities in users’ browsers or devices. When a user visits the compromised site, the exploit kit assesses the user’s environment and delivers the appropriate malware. Example: A watering hole site is rigged with an exploit kit that can identify outdated software on the user’s device and exploit vulnerabilities to install malware.

• Session Hijacking: Attackers can compromise a legitimate site to steal session cookies or tokens, allowing them to hijack user sessions on other sites. Example: A compromised site collects session cookies from users logged into their bank accounts, enabling attackers to gain unauthorized access.

• Credential Harvesting: Attackers create fake login forms on compromised sites to collect usernames and passwords from unsuspecting users. Example: Users are redirected to a login page that looks like their company’s portal, and when they enter their credentials, those are sent directly to the attackers.

• Phishing via Watering Hole: Attackers may use watering hole tactics to distribute phishing links, leading users to a site designed to capture sensitive information. Example: A compromised forum contains posts with links to phishing sites where users are tricked into entering personal information.

General cybersecurity advice for business

Cybersecurity is essential for businesses of all sizes. A strong cybersecurity posture can help to protect your business from data breaches, financial losses, and reputational damage.

Here are some tips for how small businesses can protect themselves from cyber threats:

• Keep your software up to date.

• Use strong passwords and enable two-factor authentication.

• Be careful about what information you share online.

• Train your employees on cybersecurity awareness.

• Consider partnering with a IT service provider like Cyberkite that offers cybersecurity services.

Cyberkite offers comprehensive remote support services to help small businesses protect themselves from cyber threats.

Our team of security experts can help you to identify and address your vulnerabilities, develop a cybersecurity plan, and implement security controls.

Contact Cyberkite to learn more about how we can help you to keep your business safe: cyberkite.com.au/cybersecurity

There is a lot more folks. Stay tuned as we add them all in here.

References

• List of major data breaches

• List of cyber warfare forces

• List of major cyberattacks

• Dos vs DDoS Attacks: The Differences and How To Prevent Them

Year 2024 is the birth of humanoid robot bodies and from this point on they will advance with AI advances and very soon quantum computing to enhance it. Scary or exciting times? Let's see.

Why is 2024 the birth year for humanoid robots?

2024 has marked a pivotal moment for humanoid robotics, as companies push the boundaries of what’s possible in this advanced field. We have seen so many releases and we keep seeing new releases of humanoid robots this year as predicted by some.

The year 2024 there were more than four cutting-edge humanoid robots that have been unveiled, setting the stage for humanoid machines to become a reality in everyday life. Below, we explore some of the top contenders leading this robotics revolution.

1X NEO Beta: Your Future Home Companion?

Release Date: August 30, 2024

Focus: Home use, safety, and bio-inspired design

1X’s NEO Beta is designed to operate within household environments, where safety is a top priority. It features realistic movements that mimic human behavior, which is remarkable in the robotics industry.

This robot stands out as a candidate for revolutionizing home life, from assisting with chores to even providing companionship. Its deployment in select homes could be the first glimpse of humanoid robots becoming an everyday presence in our lives.

But this raises an interesting question: With robots becoming so life-like, will we eventually have robotic girlfriends or boyfriends? It’s a thought-provoking idea that sparks debate on how close human-robot relationships could become. This particular 1X Neo feels like a life companion.

Now onto Figure 02.

Figure 02: Reinventing Manufacturing?

Release Date: August 6, 2024

Focus: Industrial applications with future domestic & commercial applications

Figure Robotics released its second-generation humanoid, Figure 02, in August. Unlike its predecessor, Figure 02 features an entirely new hardware and software system. Equipped with advanced AI and human-scale hands, it is optimized for tasks in manufacturing environments, aiming to increase efficiency and productivity. As humanoid robots become more integrated into industrial settings, the line between human and machine capabilities continues to blur.

Tesla Optimus: A Factory Game Changer?

Update Date: June 14, 2024

Focus: Autonomous factory operations with future domestic and commercial applications

Tesla’s Optimus robot is one of the most anticipated humanoids of the decade. Two Optimus units are now working autonomously on Tesla’s factory floor, showcasing the company’s commitment to bringing humanoid robots into manufacturing.

Elon Musk’s vision of Optimus handling complex factory tasks could become a reality as early as 2025. While the robots’ full potential is still under development, this milestone marks significant progress toward a world where robots assist humans in high-skill jobs.

Now onto Boston Dynamics Electric Atlas.

Boston Dynamics Electric Atlas: Power and Precision?

Release Date: April 16, 2024

Focus: Real-world industrial challenges plus many future commercial applications

Boston Dynamics has once again advanced its famed Atlas robot, now fully electric. With enhanced strength and dexterity, the Electric Atlas is built to handle even more complex tasks in manufacturing and other demanding environments.

As a fully electric machine, it also addresses sustainability concerns, making it an attractive option for industries aiming to reduce carbon footprints. Partnering with Hyundai, Boston Dynamics is working to integrate Atlas into real-world applications, showing the commercial viability of these advanced robots.

Let’s now explore the relationship between Robotics and AI.

A New Era for Robotics and AI

As we witness the growing sophistication of these humanoid robots, it’s clear that 2024 is a groundbreaking year for robotics. With advancements in generative AI and robotics, humanoid machines are becoming more adept at handling both blue and white-collar tasks.

This convergence of AI and robotics signals a new era of collaboration between humans and machines, one that promises to reshape industries from manufacturing to home care.

Now let’s look forward into the future.

What Does the Future Hold?

While the benefits of humanoid robots are clear, improved productivity, safer workplaces, and enhanced quality of life, many questions arise:

What will be left for humans to do as robots take over more jobs?

How will this transformation impact our society and our sense of purpose?

Will humans find new ways to work alongside robots, or will automation lead to a shift in how we perceive labor and productivity?

These questions reflect the profound impact humanoid robots may have on the future. As this technology evolves, now is the time to reflect on how we can harness it to benefit all aspects of human life.

What do you think about this robotics revolution?

As humanoid robots become more sophisticated and integrated into everyday life, the next decade promises a dramatic shift in how we interact with technology. Several key trends and developments may shape the future of humanoid robotics:

1. Widespread Adoption in Industry: Over the next 10 years, humanoid robots will likely become essential in industries like manufacturing, logistics, and healthcare. These robots will not just automate repetitive tasks but also handle more complex roles, such as maintenance, quality control, and even customer interaction. Companies will invest heavily in humanoid robots, seeing them as critical assets for improving efficiency and reducing costs.

2. Household Integration: We could see humanoid robots like 1X’s NEO Beta becoming common in homes, where they would assist with daily chores, caregiving, and companionship. By 2034, it’s conceivable that advanced humanoids will be affordable for middle-class households, transforming the way we live and interact within our homes. They may act as assistants for elderly or disabled individuals, making independent living more accessible.

3. Human-Robot Relationships: As humanoid robots become more life-like and capable of complex social interactions, the nature of human relationships with machines may evolve. While it may sound like science fiction, we could see robots taking on emotional and social roles, leading to ethical discussions about the boundaries of human-robot relationships. Could robots replace human companionship for some individuals? What would that mean for society’s view of relationships and emotional fulfillment?

4. Workforce Transformation: As robots take over more jobs, both manual and cognitive—society will need to rethink the role of human workers. In the next decade, we could see the rise of new job sectors focused on overseeing, programming, and maintaining humanoid robots. Additionally, governments and industries may explore universal basic income (UBI) or other social support systems to address potential job displacement. Humans may shift toward more creative, strategic, and empathetic roles, areas where machines currently lack the necessary capabilities.

5. Ethics and Regulation: The rise of humanoid robotics will also bring a wave of ethical and regulatory challenges. Governments and international bodies will need to establish laws governing the rights of robots, safety protocols, and guidelines for human-robot interactions. The ethical concerns surrounding autonomy, privacy, and control will intensify, leading to debates about how much power should be given to AI-driven robots.

6. Advancements in AI and Emotional Intelligence: The next generation of humanoid robots could feature emotional intelligence, allowing them to better understand human emotions and respond accordingly. This would deepen their role in care settings, education, and even entertainment, as robots could engage more meaningfully with people on an emotional level.

In short, by 2034, humanoid robots could not only be an integral part of our professional and personal lives but also redefine what it means to be human in an age where intelligent machines walk among us.

The course of history for humanoid robotics is just beginning, and the next decade will be crucial in shaping how we live, work, and interact with these remarkable technologies.

Happy computing

Michael Plis